Update CHANGELOG.md

Co-authored-by: Joe Previte <jjprevite@gmail.com>

.github/CODEOWNERS

@@ -1,3 +1,5 @@
 * @coder/code-server-reviewers
 
 ci/helm-chart/ @Matthew-Beckett @alexgorbatchev
+
+docs/install.md @GNUxeava

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -66,11 +66,13 @@ body:
       required: false
   - type: checkboxes
     attributes:
-      label: Does this issue happen in VS Code?
-      description: Please try reproducing this issue in VS Code
+      label: Does this issue happen in VS Code or GitHub Codespaces?
+      description: Please try reproducing this issue in VS Code or GitHub Codespaces
       options:
         - label: I cannot reproduce this in VS Code.
           required: true
+        - label: I cannot reproduce this in GitHub Codespaces.
+          required: true
   - type: checkboxes
     attributes:
       label: Are you accessing code-server over HTTPS?

.github/semantic.yaml

@@ -61,3 +61,6 @@ types:
   # implementations. For example, if a commit adds a fix + test, it's a fix
   # commit. If a commit is simply bumping coverage, it's a test commit.
   - test
+
+  # A new release.
+  - release

.github/workflows/ci.yaml

@@ -29,30 +29,29 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: true
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Install helm
-        uses: azure/setup-helm@v1.1
+        uses: azure/setup-helm@v3.3
 
-      # NOTE@jsjoeio
-      # disabling this until we can audit the build process
-      # and the usefulness of this step
-      # See: https://github.com/coder/code-server/issues/4287
-      # - name: Fetch dependencies from cache
-      #   id: cache-yarn
-      #   uses: actions/cache@v2
-      #   with:
-      #     path: "**/node_modules"
-      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-      #     restore-keys: |
-      #       yarn-build-
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
 
       - name: Install dependencies
-        # if: steps.cache-yarn.outputs.cache-hit != 'true'
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
         run: yarn --frozen-lockfile
 
       - name: Run yarn fmt
@@ -71,15 +70,18 @@ jobs:
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: true
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Fetch dependencies from cache
         id: cache-yarn
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: "**/node_modules"
           key: yarn-build-${{ hashFiles('**/yarn.lock') }}
@@ -102,56 +104,59 @@ jobs:
     env:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          submodules: true
 
-      - name: Install Node.js v14
+      - name: Install quilt
+        run: sudo apt update && sudo apt install quilt
+
+      - name: Patch Code
+        run: quilt push -a
+
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
-      # TODO@Teffen investigate why this omits code-oss-dev/node_modules
-      # - name: Fetch dependencies from cache
-      #   id: cache-yarn
-      #   uses: actions/cache@v2
-      #   with:
-      #     path: |
-      #       "**/node_modules"
-      #       "**/vendor/modules"
-      #       "**/vendor/modules/code-oss-dev/node_modules"
-      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/vendor/yarn.lock') }}
-      #     restore-keys: |
-      #       yarn-build-
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
 
       - name: Install dependencies
-        # if: steps.cache-yarn.outputs.cache-hit != 'true'
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
         run: yarn --frozen-lockfile
 
       - name: Build code-server
         run: yarn build
 
-      # Parse the hash of the latest commit inside vendor/modules/code-oss-dev
-      # use this to avoid rebuilding it if nothing changed
-      # How it works: the `git log` command fetches the hash of the last commit
-      # that changed a file inside `vendor/modules/code-oss-dev`. If a commit changes any file in there,
-      # the hash returned will change, and we rebuild vscode. If the hash did not change,
-      # (for example, a change to `src/` or `docs/`), we reuse the same build as last time.
-      # This saves a lot of time in CI, as compiling VSCode can take anywhere from 5-10 minutes.
-      - name: Get latest vendor/modules/code-oss-dev rev
+      # Get Code's git hash.  When this changes it means the content is
+      # different and we need to rebuild.
+      - name: Get latest lib/vscode rev
         id: vscode-rev
-        run: echo "::set-output name=rev::$(jq -r '.devDependencies["code-oss-dev"]' vendor/package.json | sed -r 's|.*#(.*)$|\1|')"
+        run: echo "::set-output name=rev::$(git rev-parse HEAD:./lib/vscode)"
 
-      - name: Attempt to fetch vscode build from cache
+      - name: Get version
+        id: version
+        run: echo "::set-output name=version::$(jq -r .version package.json)"
+
+      # We need to rebuild when we have a new version of Code, when any of
+      # the patches changed, or when the code-server version changes (since
+      # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
+      # force a rebuild.
+      - name: Fetch prebuilt Code package from cache
         id: cache-vscode
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
-          path: |
-            vendor/modules/code-oss-dev/.build
-            vendor/modules/code-oss-dev/out-build
-            vendor/modules/code-oss-dev/out-vscode-reh-web
-            vendor/modules/code-oss-dev/out-vscode-reh-web-min
-          key: vscode-reh-build-${{ steps.vscode-rev.outputs.rev }}
+          path: lib/vscode-reh-web-*
+          key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ steps.version.outputs.version }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
 
       - name: Build vscode
         if: steps.cache-vscode.outputs.cache-hit != 'true'
@@ -165,7 +170,9 @@ jobs:
         if: success()
 
       - name: Upload coverage report to Codecov
-        run: yarn coverage
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
         if: success()
 
       # The release package does not contain any native modules
@@ -179,7 +186,7 @@ jobs:
         run: tar -czf package.tar.gz release
 
       - name: Upload npm package artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: npm-package
           path: ./package.tar.gz
@@ -191,14 +198,18 @@ jobs:
     # This environment "npm" requires someone from
     # coder/code-server-reviewers to approve the PR before this job runs.
     environment: npm
-    # Only run if PR comes from base repo
+    # Only run if PR comes from base repo or event is not a PR
     # Reason: forks cannot access secrets and this will always fail
-    if: github.event.pull_request.head.repo.full_name == github.repository
+    if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
-      - uses: actions/download-artifact@v3
+      - name: Download artifact
+        uses: actions/download-artifact@v3
         id: download
         with:
           name: "npm-package"
@@ -214,6 +225,26 @@ jobs:
           # Instead, itis determined in publish-npm.sh script
           # using GITHUB environment variables
 
+      - name: Comment npm information
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          GITHUB_TOKEN: ${{ github.token }}
+          header: npm-dev-build
+          message: |
+            ✨ code-server dev build published to npm for PR #${{ github.event.number }}!
+            * _Last publish status_: success
+            * _Commit_: ${{ github.event.pull_request.head.sha }}
+
+            To install in a local project, run:
+            ```shell-session
+            npm install @coder/code-server-pr@${{ github.event.number }}
+            ```
+
+            To install globally, run:
+            ```shell-session
+            npm install -g @coder/code-server-pr@${{ github.event.number }}
+            ```
+
   # TODO: cache building yarn --production
   # possibly 2m30s of savings(?)
   # this requires refactoring our release scripts
@@ -225,22 +256,26 @@ jobs:
     container: "centos:7"
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Install development tools
         run: |
           yum install -y epel-release centos-release-scl
-          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync
+          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync python3
 
       - name: Install nfpm and envsubst
         run: |
-          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
-          curl -L https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
           chmod +x envsubst
           mv envsubst ~/.local/bin
           echo "$HOME/.local/bin" >> $GITHUB_PATH
@@ -261,14 +296,17 @@ jobs:
       - name: Build standalone release
         run: source scl_source enable devtoolset-9 && yarn release:standalone
 
-      - name: Sanity test standalone release
-        run: yarn test:standalone-release
+      - name: Install test dependencies
+        run: SKIP_SUBMODULE_DEPS=1 yarn install
+
+      - name: Run integration tests on standalone release
+        run: yarn test:integration
 
       - name: Build packages with nfpm
         run: yarn package
 
       - name: Upload release artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: release-packages
           path: ./release-packages
@@ -311,19 +349,23 @@ jobs:
       CXX: ${{ format('{0}-g++', matrix.prefix) }}
       LINK: ${{ format('{0}-g++', matrix.prefix) }}
       NPM_CONFIG_ARCH: ${{ matrix.arch }}
-      NODE_VERSION: v14.17.4
+      NODE_VERSION: v16.13.0
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Install nfpm
         run: |
-          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
       - name: Install cross-compiler
@@ -352,7 +394,7 @@ jobs:
         run: yarn package ${NPM_CONFIG_ARCH}
 
       - name: Upload release artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: release-packages
           path: ./release-packages
@@ -363,16 +405,20 @@ jobs:
     runs-on: macos-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Install nfpm
         run: |
-          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
           echo "$HOME/.local/bin" >> $GITHUB_PATH
 
       - name: Download npm package
@@ -386,14 +432,17 @@ jobs:
       - name: Build standalone release
         run: yarn release:standalone
 
-      - name: Sanity test standalone release
-        run: yarn test:standalone-release
+      - name: Install test dependencies
+        run: SKIP_SUBMODULE_DEPS=1 yarn install
+
+      - name: Run integration tests on standalone release
+        run: yarn test:integration
 
       - name: Build packages with nfpm
         run: yarn package
 
       - name: Upload release artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: release-packages
           path: ./release-packages
@@ -408,16 +457,19 @@ jobs:
       # since VS Code will load faster due to the bundling.
       CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
 
-      - name: Install Node.js v14
+      - name: Install Node.js v16
         uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16"
 
       - name: Fetch dependencies from cache
         id: cache-yarn
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: "**/node_modules"
           key: yarn-build-${{ hashFiles('**/yarn.lock') }}
@@ -438,7 +490,7 @@ jobs:
 
       - name: Install dependencies
         if: steps.cache-yarn.outputs.cache-hit != 'true'
-        run: yarn --frozen-lockfile
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
 
       - name: Install Playwright OS dependencies
         run: |
@@ -446,11 +498,11 @@ jobs:
           ./test/node_modules/.bin/playwright install
 
       - name: Run end-to-end tests
-        run: yarn test:e2e
+        run: yarn test:e2e --global-timeout 840000
 
       - name: Upload test artifacts
         if: always()
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: failed-test-videos
           path: ./test/test-results
@@ -458,14 +510,106 @@ jobs:
       - name: Remove release packages and test artifacts
         run: rm -rf ./release-packages ./test/test-results
 
+  test-e2e-proxy:
+    name: End-to-end tests behind proxy
+    needs: package-linux-amd64
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    env:
+      # Since we build code-server we might as well run tests from the release
+      # since VS Code will load faster due to the bundling.
+      CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install Node.js v16
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Download release packages
+        uses: actions/download-artifact@v3
+        with:
+          name: release-packages
+          path: ./release-packages
+
+      - name: Untar code-server release
+        run: |
+          cd release-packages
+          tar -xzf code-server*-linux-amd64.tar.gz
+          mv code-server*-linux-amd64 code-server-linux-amd64
+
+      - name: Install dependencies
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
+
+      - name: Install Playwright OS dependencies
+        run: |
+          ./test/node_modules/.bin/playwright install-deps
+          ./test/node_modules/.bin/playwright install
+
+      - name: Cache Caddy
+        uses: actions/cache@v2
+        id: caddy-cache
+        with:
+          path: |
+            ~/.cache/caddy
+          key: cache-caddy-2.5.2
+
+      - name: Install Caddy
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: steps.caddy-cache.outputs.cache-hit != 'true'
+        run: |
+          gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
+          mkdir -p ~/.cache/caddy 
+          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
+
+      - name: Start Caddy
+        run: sudo ~/.cache/caddy/caddy start --config ./ci/Caddyfile
+
+      - name: Run end-to-end tests
+        run: yarn test:e2e:proxy
+
+      - name: Stop Caddy
+        if: always()
+        run: sudo ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
+
+      - name: Upload test artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: failed-test-videos-proxy
+          path: ./test/test-results
+
+      - name: Remove release packages and test artifacts
+        run: rm -rf ./release-packages ./test/test-results
+
   trivy-scan-repo:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-20.04
     steps:
-      - name: Checkout code
+      - name: Checkout repo
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
       - name: Run Trivy vulnerability scanner in repo mode
-        #Commit SHA for v0.0.17
-        uses: aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
+        uses: aquasecurity/trivy-action@12814ff8bcb32c97f4d963e6e7903674b1692fa0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -474,7 +618,8 @@ jobs:
           template: "@/contrib/sarif.tpl"
           output: "trivy-repo-results.sarif"
           severity: "HIGH,CRITICAL"
+
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-repo-results.sarif"

.github/workflows/codeql-analysis.yml

@@ -17,8 +17,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read # for github/codeql-action/init to get workflow details
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-20.04
 
@@ -28,13 +35,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           config-file: ./.github/codeql-config.yml
           languages: javascript
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/docker.yaml

@@ -24,18 +24,37 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Run ./ci/steps/docker-buildx-push.sh
-        run: ./ci/steps/docker-buildx-push.sh
+      - name: Login to GHCR
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get version
+        id: version
+        run: echo "::set-output name=version::$(jq -r .version package.json)"
+
+      - name: Download release artifacts
+        uses: robinraju/release-downloader@v1.4
+        with:
+          repository: "coder/code-server"
+          tag: v${{ steps.version.outputs.version }}
+          fileName: "*.deb"
+          out-file-path: "release-packages"
+
+      - name: Publish to Docker
+        run: yarn publish:docker
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/docs-preview.yaml

@@ -4,6 +4,8 @@ on:
   pull_request:
     branches:
       - main
+    paths:
+      - "docs/**"
 
 permissions:
   actions: none
@@ -17,89 +19,28 @@ permissions:
   security-events: none
   statuses: none
 
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
 jobs:
   preview:
     name: Docs preview
     runs-on: ubuntu-20.04
-    environment: CI
-    # Only run if PR comes from base repo
-    # Reason: forks cannot access secrets and this will always fail
-    if: github.event.pull_request.head.repo.full_name == github.repository
     steps:
-      - name: Cancel Previous Runs
-        uses: styfle/cancel-workflow-action@0.9.1
+      - uses: actions/checkout@v3
 
-      - name: Checkout m
-        uses: actions/checkout@v3
-        with:
-          repository: coder/m
-          ref: refs/heads/master
-          ssh-key: ${{ secrets.READONLY_M_DEPLOY_KEY }}
-          submodules: true
-          fetch-depth: 0
-
-      - name: Install Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 14
-
-      - name: Cache Node Modules
-        uses: actions/cache@v2
-        with:
-          path: "/node_modules"
-          key: node-${{ hashFiles('yarn.lock') }}
-
-      - name: Create Deployment
-        id: deployment
-        run: ./ci/scripts/github_deployment.sh create
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          DEPLOY_ENVIRONMENT: codercom-preview-docs
-
-      - name: Deploy Preview to Vercel
-        id: preview
-        run: ./ci/scripts/deploy_vercel.sh
-        env:
-          VERCEL_ORG_ID: team_tGkWfhEGGelkkqUUm9nXq17r
-          VERCEL_PROJECT_ID: QmZRucMRh3GFk1817ZgXjRVuw5fhTspHPHKct3JNQDEPGd
-          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
-          CODE_SERVER_DOCS_MAIN_BRANCH: ${{ github.event.pull_request.head.sha }}
-
-      - name: Install node_modules
-        run: yarn install
-
-      - name: Check docs
-        run: yarn ts-node ./product/coder.com/site/scripts/checkDocs.ts
-        env:
-          BASE_URL: ${{ steps.preview.outputs.url }}
-
-      - name: Update Deployment
-        # If we don't specify always, it won't run this check if failed.
-        # This means the deployment would be stuck pending.
-        if: always()
-        run: ./ci/scripts/github_deployment.sh update
-        env:
-          GITHUB_DEPLOYMENT: ${{ steps.deployment.outputs.id }}
-          GITHUB_TOKEN: ${{ github.token }}
-          DEPLOY_STATUS: ${{ steps.preview.outcome }}
-          DEPLOY_URL: ${{ steps.preview.outputs.url }}
+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
 
       - name: Comment Credentials
         uses: marocchino/sticky-pull-request-comment@v2
-        if: always()
+        # Only run if PR comes from base repo
+        # Reason: forks cannot access secrets and this will always fail
+        if: github.event.pull_request.head.repo.full_name == github.repository
         with:
+          GITHUB_TOKEN: ${{ github.token }}
           header: codercom-preview-docs
           message: |
-            ✨ Coder.com for PR #${{ github.event.number }} deployed! It will be updated on every commit.
-
-            * _Host_: ${{ steps.preview.outputs.url }}/docs/code-server
-            * _Last deploy status_: ${{ steps.preview.outcome }}
+            ✨ code-server docs for PR #${{ github.event.number }} is ready! It will be updated on every commit.
+            * _Host_: https://coder.com/docs/code-server/${{ steps.vars.outputs.sha_short }}
+            * _Last deploy status_: success
             * _Commit_: ${{ github.event.pull_request.head.sha }}
             * _Workflow status_: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/installer.yml

@@ -19,6 +19,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   ubuntu:
     name: Test installer on Ubuntu
@@ -31,12 +34,12 @@ jobs:
         run: ./install.sh
 
       - name: Test code-server
-        run: yarn test:standalone-release code-server
+        run: CODE_SERVER_PATH="code-server" yarn test:integration
 
   alpine:
     name: Test installer on Alpine
     runs-on: ubuntu-latest
-    container: "alpine:3.14"
+    container: "alpine:3.16"
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
@@ -63,4 +66,4 @@ jobs:
         run: ./install.sh
 
       - name: Test code-server
-        run: yarn test:standalone-release code-server
+        run: CODE_SERVER_PATH="code-server" yarn test:integration

.github/workflows/npm-brew.yaml

@@ -23,9 +23,17 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - uses: actions/download-artifact@v3
+      - name: Get version
+        id: version
+        run: echo "::set-output name=version::$(jq -r .version package.json)"
+
+      - name: Download artifact
+        uses: dawidd6/action-download-artifact@v2
         id: download
         with:
+          branch: release/v${{ steps.version.outputs.version }}
+          workflow: ci.yaml
+          workflow_conclusion: completed
           name: "npm-package"
           path: release-npm-package
 
@@ -37,10 +45,8 @@ jobs:
           NPM_ENVIRONMENT: "production"
 
   homebrew:
-    # The newest version of code-server needs to be available on npm when this runs
-    # otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
     needs: npm
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
       # Ensure things are up to date
       # Suggested by homebrew maintainers
@@ -49,11 +55,14 @@ jobs:
         id: set-up-homebrew
         uses: Homebrew/actions/setup-homebrew@master
 
-      - uses: actions/checkout@v3
+      - name: Checkout code-server
+        uses: actions/checkout@v3
+
       - name: Configure git
         run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
+          git config --global user.name cdrci
+          git config --global user.email opensource@coder.com
+
       - name: Bump code-server homebrew version
         env:
           HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}

.github/workflows/scripts.yml

@@ -38,7 +38,7 @@ jobs:
     name: Run script unit tests
     runs-on: ubuntu-latest
     # This runs on Alpine to make sure we're testing with actual sh.
-    container: "alpine:3.14"
+    container: "alpine:3.16"
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3

.github/workflows/trivy-docker.yaml

@@ -0,0 +1,65 @@
+name: Trivy Nightly Docker Scan
+
+on:
+  # Run scans if the workflow is modified, in order to test the
+  # workflow itself. This results in some spurious notifications,
+  # but seems okay for testing.
+  pull_request:
+    branches:
+      - main
+    paths:
+      - .github/workflows/trivy-docker.yaml
+
+  # Run scans against master whenever changes are merged.
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/trivy-docker.yaml
+
+  schedule:
+    # Run at 10:15 am UTC (3:15am PT/5:15am CT)
+    # Run at 0 minutes 0 hours of every day.
+    - cron: "15 10 * * *"
+
+  workflow_dispatch:
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  issues: none
+  packages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: write
+  statuses: none
+
+# Cancel in-progress runs for pull requests when developers push
+# additional changes, and serialize builds in branches.
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+jobs:
+  trivy-scan-image:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner in image mode
+        uses: aquasecurity/trivy-action@12814ff8bcb32c97f4d963e6e7903674b1692fa0
+        with:
+          image-ref: "docker.io/codercom/code-server:latest"
+          ignore-unfixed: true
+          format: "sarif"
+          output: "trivy-image-results.sarif"
+          severity: "HIGH,CRITICAL"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-image-results.sarif"

.gitignore

@@ -8,12 +8,18 @@ release-packages/
 release-gcp/
 release-images/
 node_modules
-vendor/modules
-node-*
 /plugins
 /lib/coder-cloud-agent
 .home
 coverage
 **/.DS_Store
+
+# Code packages itself here.
+/lib/vscode-reh-web-*
+
 # Failed e2e test videos are saved here
 test/test-results
+
+# Quilt's internal data.
+/.pc
+/patches/*.diff~

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "lib/vscode"]
+	path = lib/vscode
+	url = https://github.com/microsoft/vscode

.node-version

@@ -1 +1 @@
-14
+16

.prettierignore

@@ -0,0 +1 @@
+lib/vscode

.prettierrc.yaml

@@ -4,14 +4,3 @@ trailingComma: all
 arrowParens: always
 singleQuote: false
 useTabs: false
-
-overrides:
-  # Attempt to keep VScode's existing code style intact.
-  - files: "vendor/modules/code-oss-dev/**/*.ts"
-    options:
-      # No limit defined upstream.
-      printWidth: 10000
-      semi: true
-      singleQuote: true
-      useTabs: true
-      arrowParens: avoid

.tours/contributing.tour

@@ -50,7 +50,7 @@
     {
       "file": "src/node/heart.ts",
       "line": 7,
-      "description": "code-server's heart beats to indicate recent activity.\n\nAlso documented here: [https://github.com/coder/code-server/blob/master/docs/FAQ.md#heartbeat-file](https://github.com/coder/code-server/blob/master/docs/FAQ.md#heartbeat-file)"
+      "description": "code-server's heart beats to indicate recent activity.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file](https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file)"
     },
     {
       "file": "src/node/socket.ts",
@@ -80,12 +80,12 @@
     {
       "file": "src/node/routes/domainProxy.ts",
       "line": 18,
-      "description": "code-server provides a built-in proxy to help in developing web-based applications. This is the code for the domain-based proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services)"
+      "description": "code-server provides a built-in proxy to help in developing web-based applications. This is the code for the domain-based proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)"
     },
     {
       "file": "src/node/routes/pathProxy.ts",
       "line": 19,
-      "description": "Here is the path-based version of the proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services)"
+      "description": "Here is the path-based version of the proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)"
     },
     {
       "file": "src/node/proxy.ts",
@@ -95,7 +95,7 @@
     {
       "file": "src/node/routes/health.ts",
       "line": 5,
-      "description": "A simple endpoint that lets you see if code-server is up.\n\nAlso documented here: [https://github.com/coder/code-server/blob/master/docs/FAQ.md#healthz-endpoint](https://github.com/coder/code-server/blob/master/docs/FAQ.md#healthz-endpoint)"
+      "description": "A simple endpoint that lets you see if code-server is up.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint](https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint)"
     },
     {
       "file": "src/node/routes/login.ts",
@@ -143,9 +143,9 @@
       "description": "Static images and the manifest live here in `src/browser/media` (see the explorer)."
     },
     {
-      "directory": "vendor/modules/code-oss-dev",
+      "directory": "lib/vscode",
       "line": 1,
-      "description": "code-server makes use of VS Code's frontend web/remote support. Most of the modifications implement the remote server since that portion of the code is closed source and not released with VS Code.\n\nWe also have a few bug fixes and have added some features (like client-side extensions). See [https://github.com/coder/code-server/blob/master/docs/CONTRIBUTING.md#modifications-to-vs-code](https://github.com/coder/code-server/blob/master/docs/CONTRIBUTING.md#modifications-to-vs-code) for a list.\n\nWe make an effort to keep the modifications as few as possible."
+      "description": "code-server makes use of VS Code's frontend web/remote support. Most of the modifications implement the remote server since that portion of the code is closed source and not released with VS Code.\n\nWe also have a few bug fixes and have added some features (like client-side extensions). See [https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code) for a list.\n\nWe make an effort to keep the modifications as few as possible."
     }
   ]
 }

.tours/start-development.tour

@@ -5,7 +5,7 @@
     {
       "file": "package.json",
       "line": 31,
-      "description": "## Commands\n\nTo start developing, make sure you have Node 14+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> yarn\n\n3. Start development mode (and watch for changes):\n>> yarn watch"
+      "description": "## Commands\n\nTo start developing, make sure you have Node 16+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> yarn\n\n3. Start development mode (and watch for changes):\n>> yarn watch"
     },
     {
       "file": "src/node/app.ts",
@@ -20,7 +20,7 @@
     {
       "file": "src/node/app.ts",
       "line": 62,
-      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `yarn watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\")\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/master/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/master/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
+      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `yarn watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\"])\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/main/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
     }
   ]
-}
+}

CHANGELOG.md

@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [9.99.999] - 9090-09-09
 
-VS Code v99.99.999
+Code v99.99.999
 
 ### Changed
 ### Added
@@ -20,17 +20,231 @@ VS Code v99.99.999
 
 -->
 
-## [Unreleased](https://github.com/coder/code-server/releases)
+## [4.6.0](https://github.com/coder/code-server/releases/tag/v4.6.0) - 2022-08-17
 
-VS Code v0.00.0
+Code v1.70.1
 
 ### Changed
 
-- Add here
+- Updated Code to 1.70.1.
+
+### Added
+
+- Added a heartbeat to sockets. This should prevent them from getting closed by
+  reverse proxy timeouts when idle like NGINX's default 60-second timeout.
+
+### Fixed
+
+- Fixed logout option appearing even when authentication is disabled.
+
+## [4.5.2](https://github.com/coder/code-server/releases/tag/v4.5.2) - 2022-08-15
+
+Code v1.68.1
+
+### Security
+
+- Fixed the proxy route not performing authentication. For example if you were
+  to run a development HTTP server using `python -m http.server 8000` then it
+  would be accessible at `my.domain/proxy/8000/` without any authentication.
+
+  If all of the following apply to you please update as soon as possible:
+
+  - You run code-server with the built-in password authentication.
+  - You run unprotected HTTP services on ports accessible by code-server.
+
+### Changed
+
+- Invoking `code-server` in the integrated terminal will now use the script that
+  comes with upstream Code. This means flags like `--wait` will be
+  automatically supported now. However the upstream script only has the ability
+  to interact with the running code-server and cannot spawn new instances. If
+  you need to spawn a new code-server from the integrated terminal please
+  specify the full path to code-server's usual script (for example
+  `/usr/bin/code-server`).
+
+### Fixed
+
+- Invoking `code-server` in the integrated terminal will now work instead of
+  erroring about not finding Node.
+
+## [4.5.1](https://github.com/coder/code-server/releases/tag/v4.5.1) - 2022-07-18
+
+Code v1.68.1
+
+### Changed
+
+- We now use `release/v<0.0.0>` for the release branch name so it doesn't
+  conflict with the tag name
+- Added `.prettierignore` to ignore formatting files in `lib/vscode`
+
+### Added
+
+- Allow more comprehensive affinity config in Helm chart
+- Added custom message in Homebrew PR to make sure code-server maintainers are
+  tagged
+- Allow setting `priorityClassName` via Helm chart
+- Added troubleshooting docs to `CONTRIBUTING.md`
+
+### Fixed
+
+- Removed default memory limit which was set via `NODE_OPTIONS`
+- Changed output in pipe to make it easier to debug code-server when doing live
+  edits
+- Fixed display-language patch to use correct path which broke in 4.5.0
+- Fixed multiple code-server windows opening when using the code-server CLI in
+  the Integrated Terminal
+- Fixed Integrated Terminal not working when web base was not the root path
+
+### Security
+
+- Updated `glob-parent` version in dependencies
+
+## [4.5.0](https://github.com/coder/code-server/releases/tag/v4.5.0) - 2022-06-29
+
+Code v1.68.1
+
+### Changed
+
+- Updated codecov to use codecov uploader
+- Moved integration tests to Jest
+- Fixed docker release to only download .deb
+- Upgraded to Code 1.68.1
+- Install `nfpm` from GitHub
+- Upgraded to TypeScript 4.6
+
+### Added
+
+- Added tests for `open`, `isWsl`, `handlePasswordValidation`
+- Provided alternate image registry to dockerhub
+- Allowed users to have scripts run on container with `ENTRYPOINTD` environment
+  variable
+
+### Fixed
+
+- Fixed open CLI command to work on macOS
+
+## [4.4.0](https://github.com/coder/code-server/releases/tag/v4.4.0) - 2022-05-06
+
+Code v1.66.2
+
+### Changed
+
+- Refactored methods in `Heart` class and made `Heart.beat()` async to make
+  testing easier.
+- Upgraded to Code 1.66.2.
+
+### Added
+
+- Added back telemetry patch which was removed in the Code reachitecture.
+- Added support to use `true` for `CS_DISABLE_FILE_DOWNLOADS` environment
+  variable. This means you can disable file downloads by setting
+  `CS_DISABLE_FILE_DOWNLOADS` to `true` or `1`.
+- Added tests for `Heart` class.
+
+### Fixed
+
+- Fixed installation issue in AUR after LICENSE rename.
+- Fixed issue with listening on IPv6 addresses.
+- Fixed issue with Docker publish action not being able to find artifacts. Now
+  it downloads the release assets from the release.
+
+## [4.3.0](https://github.com/coder/code-server/releases/tag/v4.3.0) - 2022-04-14
+
+Code v1.65.2
+
+### Changed
+
+- Excluded .deb files from release Docker image which drops the compressed and
+  uncompressed size by 58% and 34%.
+- Upgraded to Code 1.65.2.
+
+### Added
+
+- Added a new CLI flag called `--disable-file-downloads` which allows you to
+  disable the "Download..." option that shows in the UI when right-clicking on a
+  file. This can also set by running `CS_DISABLE_FILE_DOWNLOADS=1`.
+- Aligned the dependencies for binary and npm release artifacts.
+
+### Fixed
+
+- Fixed the code-server version from not displaying in the Help > About dialog.
+- Fixed issues with the TypeScript and JavaScript Language Features Extension
+  failing to activate.
+- Fixed missing files in ipynb extension.
+- Fixed the homebrew release workflow.
+- Fixed the Docker release workflow from not always publishing version tags.
+
+## [4.2.0](https://github.com/coder/code-server/releases/tag/v4.2.0) - 2022-03-22
+
+Code v1.64.2
+
+### Added
+
+- Added tests for `handleArgsSocketCatchError`, `setDefaults` and
+  `optionDescriptions`.
+
+### Changed
+
+- We switched from using the fork `coder/vscode` to a submodule of
+  `microsoft/vscode` + patches managed by `quilt` for how Code sits inside the
+  code-server codebase.
+- Upgraded to Code 1.64.2.
+
+### Fixed
+
+- Update popup notification through `--disable-update-check` is now fixed.
+- Fixed PWA icons not loading on iPad
+- Fixed the homebrew release process. Our `cdrci` bot should now automatically
+  update the version as part of the release pipeline.
+- Fixed titleBar color setting being ignored in PWA.
+
+### Security
+
+- Updated to `minimist-list`.
+- Updated `cloud-agent` to `v0.2.4` which uses `nhooyr.io/webscoket` `v1.8.7`.
+
+## [4.1.0](https://github.com/coder/code-server/releases/tag/v4.1.0) - 2022-03-03
+
+Code v1.63.0
+
+### Added
+
+- Support for injecting GitHub token into Code so extensions can make use of it.
+  This can be done with the `GITHUB_TOKEN` environment variable or `github-auth`
+  in the config file.
+- New flag `--socket-mode` allows setting the mode (file permissions) of the
+  socket created when using `--socket`.
+- The version of Code bundled with code-server now appears when using the
+  `--version` flag. For example: `4.0.2 5cdfe74686aa73e023f8354a9a6014eb30caa7dd with Code 1.63.0`.
+  If you have been parsing this flag for the version you might want to use
+  `--version --json` instead as doing that will be more stable.
+
+### Changed
+
+- The workspace or folder passed on the CLI will now use the same redirect
+  method that the last opened workspace or folder uses. This means if you use
+  something like `code-server /path/to/dir` you will now get a query parameter
+  added (like so: `my-domain.tld?folder=/path/to/dir`), making it easier to edit
+  by hand and making it consistent with the last opened and menu open behaviors.
+- The folder/workspace query parameter no longer has encoded slashes, making
+  them more readable and editable by hand. This was only affecting the last
+  opened behavior, not opens from the menu.
+
+### Fixed
+
+- Fix web sockets not connecting when using `--cert`.
+- Prevent workspace state collisions when opening a workspace that shares the
+  same file path with another workspace on a different machine that shares the
+  same domain. This was causing files opened in one workspace to be "re-"opened
+  in the other workspace when the other workspace is opened.
+- Pin the Express version which should make installing from npm work again.
+- Propagate signals to code-server in the Docker image which means it should
+  stop more quickly and gracefully.
+- Fix missing argon binaries in the standalone releases on arm machines.
 
 ## [4.0.2](https://github.com/coder/code-server/releases/tag/v4.0.2) - 2022-01-27
 
-VS Code v1.63.0
+Code v1.63.0
 
 ### Fixed
 
@@ -41,7 +255,7 @@ VS Code v1.63.0
 
 ## [4.0.1](https://github.com/coder/code-server/releases/tag/v4.0.1) - 2022-01-04
 
-VS Code v1.63.0
+Code v1.63.0
 
 code-server has been rebased on upstream's newly open-sourced server
 implementation (#4414).
@@ -57,7 +271,7 @@ implementation (#4414).
   settings file (we rely on the already-existing query object instead).
 - The marketplace override environment variables `SERVICE_URL` and `ITEM_URL`
   have been replaced with a single `EXTENSIONS_GALLERY` variable that
-  corresponds to `extensionsGallery` in VS Code's `product.json`.
+  corresponds to `extensionsGallery` in Code's `product.json`.
 
 ### Added
 
@@ -79,11 +293,11 @@ implementation (#4414).
 
 ## [3.12.0](https://github.com/coder/code-server/releases/tag/v3.12.0) - 2021-09-15
 
-VS Code v1.60.0
+Code v1.60.0
 
 ### Changed
 
-- Upgrade VS Code to 1.60.0.
+- Upgrade Code to 1.60.0.
 
 ### Fixed
 
@@ -99,7 +313,7 @@ Undocumented (see releases page).
 
 ## [3.10.2](https://github.com/coder/code-server/releases/tag/v3.10.2) - 2021-05-21
 
-VS Code v1.56.1
+Code v1.56.1
 
 ### Added
 
@@ -115,7 +329,7 @@ VS Code v1.56.1
 
 ## [3.10.1](https://github.com/coder/code-server/releases/tag/v3.10.1) - 2021-05-17
 
-VS Code v1.56.1
+Code v1.56.1
 
 ### Fixed
 
@@ -129,13 +343,13 @@ VS Code v1.56.1
 
 ## [3.10.0](https://github.com/coder/code-server/releases/tag/v3.10.0) - 2021-05-10
 
-VS Code v1.56.0
+Code v1.56.0
 
 ### Changed
 
-- Update to VS Code 1.56.0 (#3269).
+- Update to Code 1.56.0 (#3269).
 - Minor connections refactor (#3178). Improves connection stability.
-- Use ptyHostService (#3308). This brings us closer to upstream VS Code.
+- Use ptyHostService (#3308). This brings us closer to upstream Code.
 
 ### Added
 

ci/Caddyfile

@@ -0,0 +1,15 @@
+{
+	admin    localhost:4444
+}
+:8000 {
+	@portLocalhost path_regexp port ^/([0-9]+)\/ide
+        handle @portLocalhost {
+		uri strip_prefix {re.port.1}/ide
+                reverse_proxy localhost:{re.port.1}
+        }
+
+	handle {
+                respond "Bad hostname" 400
+        }
+
+}

ci/README.md

@@ -45,9 +45,6 @@ You can disable minification by setting `MINIFY=`.
   - Builds vscode into `./lib/vscode/out-vscode`.
 - [./ci/build/build-release.sh](./build/build-release.sh) (`yarn release`)
   - Bundles the output of the above two scripts into a single node module at `./release`.
-- [./ci/build/build-standalone-release.sh](./build/build-standalone-release.sh) (`yarn release:standalone`)
-  - Requires a node module already built into `./release` with the above script.
-  - Will build a standalone release with node and node_modules bundled into `./release-standalone`.
 - [./ci/build/clean.sh](./build/clean.sh) (`yarn clean`)
   - Removes all build artifacts.
   - Useful to do a clean build.
@@ -97,6 +94,8 @@ Helps avoid clobbering the CI configuration.
   - Runs `yarn lint`.
 - [./steps/test-unit.sh](./steps/test-unit.sh)
   - Runs `yarn test:unit`.
+- [./steps/test-integration.sh](./steps/test-integration.sh)
+  - Runs `yarn test:integration`.
 - [./steps/test-e2e.sh](./steps/test-e2e.sh)
   - Runs `yarn test:e2e`.
 - [./steps/release.sh](./steps/release.sh)

ci/build/build-packages.sh

@@ -50,6 +50,11 @@ release_nfpm() {
 
   export NFPM_ARCH
 
+  # Code deletes some files from the extension node_modules directory which
+  # leaves broken symlinks in the corresponding .bin directory.  nfpm will fail
+  # on these broken symlinks so clean them up.
+  rm -fr "./release-standalone/lib/vscode/extensions/node_modules/.bin"
+
   PKG_FORMAT="deb"
   NFPM_ARCH="$(get_nfpm_arch $PKG_FORMAT "$ARCH")"
   nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"

ci/build/build-release.sh

@@ -15,8 +15,8 @@ main() {
 
   source ./ci/lib.sh
 
-  VSCODE_SRC_PATH="vendor/modules/code-oss-dev"
-  VSCODE_OUT_PATH="$RELEASE_PATH/vendor/modules/code-oss-dev"
+  VSCODE_SRC_PATH="lib/vscode"
+  VSCODE_OUT_PATH="$RELEASE_PATH/lib/vscode"
 
   mkdir -p "$RELEASE_PATH"
 
@@ -24,8 +24,8 @@ main() {
   bundle_vscode
 
   rsync ./docs/README.md "$RELEASE_PATH"
-  rsync LICENSE.txt "$RELEASE_PATH"
-  rsync ./vendor/modules/code-oss-dev/ThirdPartyNotices.txt "$RELEASE_PATH"
+  rsync LICENSE "$RELEASE_PATH"
+  rsync ./lib/vscode/ThirdPartyNotices.txt "$RELEASE_PATH"
 }
 
 bundle_code_server() {
@@ -55,6 +55,17 @@ bundle_code_server() {
 EOF
   ) > "$RELEASE_PATH/package.json"
   rsync yarn.lock "$RELEASE_PATH"
+
+  # To ensure deterministic dependency versions (even when code-server is installed with NPM), we seed
+  # an npm-shrinkwrap file from our yarn lockfile and the current node-modules installed.
+  synp --source-file yarn.lock
+  npm shrinkwrap
+  # HACK@edvincent: The shrinkwrap file will contain the devDependencies, which by default
+  # are installed if present in a lockfile. To avoid every user having to specify --production
+  # to skip them, we carefully remove them from the shrinkwrap file.
+  json -f npm-shrinkwrap.json -I -e "Object.keys(this.dependencies).forEach(dependency => { if (this.dependencies[dependency].dev) { delete this.dependencies[dependency] } } )"
+  mv npm-shrinkwrap.json "$RELEASE_PATH"
+
   rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
 
   if [ "$KEEP_MODULES" = 1 ]; then
@@ -66,51 +77,39 @@ EOF
 
 bundle_vscode() {
   mkdir -p "$VSCODE_OUT_PATH"
-  rsync "$VSCODE_SRC_PATH/yarn.lock" "$VSCODE_OUT_PATH"
-  rsync "$VSCODE_SRC_PATH/out-vscode-reh-web${MINIFY:+-min}/" "$VSCODE_OUT_PATH/out"
 
-  rsync "$VSCODE_SRC_PATH/.build/extensions/" "$VSCODE_OUT_PATH/extensions"
-  if [ "$KEEP_MODULES" = 0 ]; then
-    rm -Rf "$VSCODE_OUT_PATH/extensions/node_modules"
-  else
-    rsync "$VSCODE_SRC_PATH/node_modules/" "$VSCODE_OUT_PATH/node_modules"
+  local rsync_opts=()
+  if [[ ${DEBUG-} = 1 ]]; then
+    rsync_opts+=(-vh)
   fi
-  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions"
-  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions"
-  rsync "$VSCODE_SRC_PATH/extensions/postinstall.js" "$VSCODE_OUT_PATH/extensions"
 
-  mkdir -p "$VSCODE_OUT_PATH/resources/"
-  rsync "$VSCODE_SRC_PATH/resources/" "$VSCODE_OUT_PATH/resources/"
+  # Some extensions have a .gitignore which excludes their built source from the
+  # npm package so exclude any .gitignore files.
+  rsync_opts+=(--exclude .gitignore)
 
-  # TODO: We should look into using VS Code's packaging task (see
-  # gulpfile.reh.js).  For now copy this directory into the right spot (for some
-  # reason VS Code uses a different path in production).
-  mkdir -p "$VSCODE_OUT_PATH/bin/helpers"
-  rsync "$VSCODE_SRC_PATH/resources/server/bin/helpers/" "$VSCODE_OUT_PATH/bin/helpers"
-  chmod +x "$VSCODE_OUT_PATH/bin/helpers/browser.sh"
+  # Exclude Node as we will add it ourselves for the standalone and will not
+  # need it for the npm package.
+  rsync_opts+=(--exclude /node)
 
-  # Add the commit and date and enable telemetry. This just makes telemetry
-  # available; telemetry can still be disabled by flag or setting.
-  jq --slurp '.[0] * .[1]' "$VSCODE_SRC_PATH/product.json" <(
-    cat << EOF
-  {
-    "enableTelemetry": true,
-    "commit": "$(cd "$VSCODE_SRC_PATH" && git rev-parse HEAD)",
-    "quality": "stable",
-    "date": $(jq -n 'now | todate'),
-    "codeServerVersion": "$VERSION"
-  }
-EOF
-  ) > "$VSCODE_OUT_PATH/product.json"
+  # Exclude Node modules.
+  if [[ $KEEP_MODULES = 0 ]]; then
+    rsync_opts+=(--exclude node_modules)
+  fi
 
-  # We remove the scripts field so that later on we can run
-  # yarn to fetch node_modules if necessary without build scripts running.
-  # We cannot use --no-scripts because we still want dependent package scripts to run.
-  jq 'del(.scripts)' < "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
+  rsync "${rsync_opts[@]}" ./lib/vscode-reh-web-*/ "$VSCODE_OUT_PATH"
 
-  pushd "$VSCODE_OUT_PATH"
-  symlink_asar
-  popd
+  # Use the package.json for the web/remote server.  It does not have the right
+  # version though so pull that from the main package.json.
+  jq --slurp '.[0] * {version: .[1].version}' \
+    "$VSCODE_SRC_PATH/remote/package.json" \
+    "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
+
+  rsync "$VSCODE_SRC_PATH/remote/yarn.lock" "$VSCODE_OUT_PATH/yarn.lock"
+
+  # Include global extension dependencies as well.
+  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions/package.json"
+  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions/yarn.lock"
+  rsync "$VSCODE_SRC_PATH/extensions/postinstall.mjs" "$VSCODE_OUT_PATH/extensions/postinstall.mjs"
 }
 
 main "$@"

ci/build/build-standalone-release.sh

@@ -27,14 +27,9 @@ main() {
   ln -s "./bin/code-server" "$RELEASE_PATH/code-server"
   ln -s "./lib/node" "$RELEASE_PATH/node"
 
-  cd "$RELEASE_PATH"
+  pushd "$RELEASE_PATH"
   yarn --production --frozen-lockfile
-
-  # HACK: the version of Typescript vscode 1.57 uses in extensions/
-  # leaves a few stray symlinks. Clean them up so nfpm does not fail.
-  # Remove this line when its no longer needed.
-
-  rm -fr "$RELEASE_PATH/vendor/modules/code-oss-dev/extensions/node_modules/.bin"
+  popd
 }
 
 main "$@"

ci/build/build-vscode.sh

@@ -1,18 +1,114 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# Builds vscode into vendor/modules/code-oss-dev/out-vscode.
+# Builds vscode into lib/vscode/out-vscode.
 
 # MINIFY controls whether a minified version of vscode is built.
 MINIFY=${MINIFY-true}
 
+delete-bin-script() {
+  rm -f "lib/vscode-reh-web-linux-x64/bin/$1"
+}
+
+copy-bin-script() {
+  local script="$1"
+  local dest="lib/vscode-reh-web-linux-x64/bin/$script"
+  cp "lib/vscode/resources/server/bin/$script" "$dest"
+  sed -i.bak "s/@@VERSION@@/$(vscode_version)/g" "$dest"
+  sed -i.bak "s/@@COMMIT@@/$VSCODE_DISTRO_COMMIT/g" "$dest"
+  sed -i.bak "s/@@APPNAME@@/code-server/g" "$dest"
+
+  # Fix Node path on Darwin and Linux.
+  # We do not want expansion here; this text should make it to the file as-is.
+  # shellcheck disable=SC2016
+  sed -i.bak 's/^ROOT=\(.*\)$/VSROOT=\1\nROOT="$(dirname "$(dirname "$VSROOT")")"/g' "$dest"
+  sed -i.bak 's/ROOT\/out/VSROOT\/out/g' "$dest"
+
+  # Fix Node path on Windows.
+  sed -i.bak 's/^set ROOT_DIR=\(.*\)$/set ROOT_DIR=%~dp0..\\..\\..\\..\r\nset VSROOT_DIR=\1/g' "$dest"
+  sed -i.bak 's/%ROOT_DIR%\\out/%VSROOT_DIR%\\out/g' "$dest"
+
+  chmod +x "$dest"
+  rm "$dest.bak"
+}
+
 main() {
   cd "$(dirname "${0}")/../.."
 
-  cd vendor/modules/code-oss-dev
+  source ./ci/lib.sh
 
-  # Any platform works since we have our own packaging step (for now).
+  pushd lib/vscode
+
+  # Set the commit Code will embed into the product.json.  We need to do this
+  # since Code tries to get the commit from the `.git` directory which will fail
+  # as it is a submodule.
+  export VSCODE_DISTRO_COMMIT
+  VSCODE_DISTRO_COMMIT=$(git rev-parse HEAD)
+
+  # Add the date, our name, links, and enable telemetry (this just makes
+  # telemetry available; telemetry can still be disabled by flag or setting).
+  # This needs to be done before building as Code will read this file and embed
+  # it into the client-side code.
+  git checkout product.json             # Reset in case the script exited early.
+  cp product.json product.original.json # Since jq has no inline edit.
+  jq --slurp '.[0] * .[1]' product.original.json <(
+    cat << EOF
+  {
+    "enableTelemetry": true,
+    "quality": "stable",
+    "codeServerVersion": "$VERSION",
+    "nameShort": "code-server",
+    "nameLong": "code-server",
+    "applicationName": "code-server",
+    "dataFolderName": ".code-server",
+    "win32MutexName": "codeserver",
+    "licenseUrl": "https://github.com/coder/code-server/blob/main/LICENSE",
+    "win32DirName": "code-server",
+    "win32NameVersion": "code-server",
+    "win32AppUserModelId": "coder.code-server",
+    "win32ShellNameShort": "c&ode-server",
+    "darwinBundleIdentifier": "com.coder.code.server",
+    "linuxIconName": "com.coder.code.server",
+    "reportIssueUrl": "https://github.com/coder/code-server/issues/new",
+    "documentationUrl": "https://go.microsoft.com/fwlink/?LinkID=533484#vscode",
+    "keyboardShortcutsUrlMac": "https://go.microsoft.com/fwlink/?linkid=832143",
+    "keyboardShortcutsUrlLinux": "https://go.microsoft.com/fwlink/?linkid=832144",
+    "keyboardShortcutsUrlWin": "https://go.microsoft.com/fwlink/?linkid=832145",
+    "introductoryVideosUrl": "https://go.microsoft.com/fwlink/?linkid=832146",
+    "tipsAndTricksUrl": "https://go.microsoft.com/fwlink/?linkid=852118",
+    "newsletterSignupUrl": "https://www.research.net/r/vsc-newsletter",
+    "linkProtectionTrustedDomains": [
+      "https://open-vsx.org"
+    ]
+  }
+EOF
+  ) > product.json
+
+  # Any platform here works since we will do our own packaging.  We have to do
+  # this because we have an NPM package that could be installed on any platform.
+  # The correct platform dependencies and scripts will be installed as part of
+  # the post-install during `npm install` or when building a standalone release.
   yarn gulp "vscode-reh-web-linux-x64${MINIFY:+-min}"
+
+  # Reset so if you develop after building you will not be stuck with the wrong
+  # commit (the dev client will use `oss-dev` but the dev server will still use
+  # product.json which will have `stable-$commit`).
+  git checkout product.json
+
+  popd
+
+  # These provide a `code-server` command in the integrated terminal to open
+  # files in the current instance.
+  delete-bin-script remote-cli/code-server
+  copy-bin-script remote-cli/code-darwin.sh
+  copy-bin-script remote-cli/code-linux.sh
+  copy-bin-script remote-cli/code.cmd
+
+  # These provide a way for terminal applications to open browser windows.
+  delete-bin-script helpers/browser.sh
+  copy-bin-script helpers/browser-darwin.sh
+  copy-bin-script helpers/browser-linux.sh
+  copy-bin-script helpers/browser.cmd
 }
 
 main "$@"

ci/build/npm-postinstall.sh

@@ -1,23 +1,69 @@
 #!/usr/bin/env sh
 set -eu
 
-# Copied from arch() in ci/lib.sh.
-detect_arch() {
-  case "$(uname -m)" in
-    aarch64)
-      echo arm64
-      ;;
-    x86_64 | amd64)
-      echo amd64
-      ;;
-    *)
-      # This will cause the download to fail, but is intentional
-      uname -m
-      ;;
+# Copied from ../lib.sh.
+arch() {
+  cpu="$(uname -m)"
+  case "$cpu" in
+    aarch64) cpu=arm64 ;;
+    x86_64) cpu=amd64 ;;
+  esac
+  echo "$cpu"
+}
+
+# Copied from ../lib.sh except we do not rename Darwin since the cloud agent
+# uses "darwin" in the release names and we do not need to detect Alpine.
+os() {
+  osname=$(uname | tr '[:upper:]' '[:lower:]')
+  case $osname in
+    cygwin* | mingw*) osname="windows" ;;
+  esac
+  echo "$osname"
+}
+
+# Create a symlink at $2 pointing to $1 on any platform.  Anything that
+# currently exists at $2 will be deleted.
+symlink() {
+  source="$1"
+  dest="$2"
+  rm -rf "$dest"
+  case $OS in
+    windows) mklink /J "$dest" "$source" ;;
+    *) ln -s "$source" "$dest" ;;
   esac
 }
 
-ARCH="${NPM_CONFIG_ARCH:-$(detect_arch)}"
+# VS Code bundles some modules into an asar which is an archive format that
+# works like tar. It then seems to get unpacked into node_modules.asar.
+#
+# I don't know why they do this but all the dependencies they bundle already
+# exist in node_modules so just symlink it. We have to do this since not only
+# Code itself but also extensions will look specifically in this directory for
+# files (like the ripgrep binary or the oniguruma wasm).
+symlink_asar() {
+  symlink node_modules node_modules.asar
+}
+
+# Make a symlink at bin/$1/$3 pointing to the platform-specific version of the
+# script in $2.  The extension of the link will be .cmd for Windows otherwise it
+# will be whatever is in $4 (or no extension if $4 is not set).
+symlink_bin_script() {
+  oldpwd="$(pwd)"
+  cd "bin/$1"
+  source="$2"
+  dest="$3"
+  ext="${4-}"
+  case $OS in
+    windows) symlink "$source.cmd" "$dest.cmd" ;;
+    darwin | macos) symlink "$source-darwin.sh" "$dest$ext" ;;
+    *) symlink "$source-linux.sh" "$dest$ext" ;;
+  esac
+  cd "$oldpwd"
+}
+
+ARCH="${NPM_CONFIG_ARCH:-$(arch)}"
+OS="$(os)"
+
 # This is due to an upstream issue with RHEL7/CentOS 7 comptability with node-argon2
 # See: https://github.com/cdr/code-server/pull/3422#pullrequestreview-677765057
 export npm_config_build_from_source=true
@@ -33,8 +79,8 @@ main() {
     echo "USE AT YOUR OWN RISK!"
   fi
 
-  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-14}" ]; then
-    echo "ERROR: code-server currently requires node v14."
+  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-16}" ]; then
+    echo "ERROR: code-server currently requires node v16."
     if [ -n "$FORCE_NODE_VERSION" ]; then
       echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
     fi
@@ -56,8 +102,6 @@ main() {
     ;;
   esac
 
-  OS="$(uname | tr '[:upper:]' '[:lower:]')"
-
   mkdir -p ./lib
 
   if curl -fsSL "https://github.com/coder/cloud-agent/releases/latest/download/cloud-agent-$OS-$ARCH" -o ./lib/coder-cloud-agent; then
@@ -68,7 +112,7 @@ main() {
 
   if ! vscode_yarn; then
     echo "You may not have the required dependencies to build the native modules."
-    echo "Please see https://github.com/coder/code-server/blob/master/docs/npm.md"
+    echo "Please see https://github.com/coder/code-server/blob/main/docs/npm.md"
     exit 1
   fi
 
@@ -79,33 +123,17 @@ main() {
   fi
 }
 
-# This is a copy of symlink_asar in ../lib.sh. Look there for details.
-symlink_asar() {
-  rm -rf node_modules.asar
-  if [ "${WINDIR-}" ]; then
-    mklink /J node_modules.asar node_modules
-  else
-    ln -s node_modules node_modules.asar
-  fi
-}
-
 vscode_yarn() {
-  echo 'Installing vendor dependencies...'
-  cd vendor/modules/code-oss-dev
-  yarn --production --frozen-lockfile
+  echo 'Installing Code dependencies...'
+  cd lib/vscode
+  yarn --production --frozen-lockfile --no-default-rc
 
   symlink_asar
+  symlink_bin_script remote-cli code code-server
+  symlink_bin_script helpers browser browser .sh
 
   cd extensions
   yarn --production --frozen-lockfile
-
-  for ext in */; do
-    ext="${ext%/}"
-    echo "extensions/$ext: installing dependencies"
-    cd "$ext"
-    yarn --production --frozen-lockfile
-    cd "$OLDPWD"
-  done
 }
 
 main "$@"

ci/build/release-github-assets.sh

@@ -9,6 +9,15 @@ set -euo pipefail
 main() {
   cd "$(dirname "$0")/../.."
   source ./ci/lib.sh
+  source ./ci/steps/steps-lib.sh
+
+  # NOTE@jsjoeio - only needed if we use the download_artifact
+  # because we talk to the GitHub API.
+  # Needed to use GitHub API
+  if ! is_env_var_set "GITHUB_TOKEN"; then
+    echo "GITHUB_TOKEN is not set. Cannot download npm release-packages without GitHub credentials."
+    exit 1
+  fi
 
   download_artifact release-packages ./release-packages
   local assets=(./release-packages/code-server*"$VERSION"*{.tar.gz,.deb,.rpm})

ci/build/release-prep.sh

@@ -81,7 +81,7 @@ main() {
   read -r -p "What version of code-server do you want to update to?"$'\n' CODE_SERVER_VERSION_TO_UPDATE
 
   echo -e "Great! We'll prep a PR for updating to $CODE_SERVER_VERSION_TO_UPDATE\n"
-  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
+  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' -g '!lib/vscode/**' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
 
   $CMD git commit --no-verify -am "chore(release): bump version to $CODE_SERVER_VERSION_TO_UPDATE"
 

ci/build/test-standalone-release.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Make sure a code-server release works. You can pass in the path otherwise it
-# will use release-standalone in the current directory.
-#
-# This is to make sure we don't have Node version errors or any other
-# compilation-related errors.
-main() {
-  cd "$(dirname "${0}")/../.."
-
-  local EXTENSIONS_DIR
-  EXTENSIONS_DIR="$(mktemp -d)"
-
-  local path=${1:-./release-standalone/bin/code-server}
-
-  echo "Testing standalone release in $path."
-
-  # NOTE: using a basic theme extension because it doesn't update often and is more reliable for testing
-  "$path" --extensions-dir "$EXTENSIONS_DIR" --install-extension wesbos.theme-cobalt2
-  local installed_extensions
-  installed_extensions="$("$path" --extensions-dir "$EXTENSIONS_DIR" --list-extensions 2>&1)"
-  # We use grep as wesbos.theme-cobalt2 may have dependency extensions that change.
-  if ! echo "$installed_extensions" | grep -q "wesbos.theme-cobalt2"; then
-    echo "Unexpected output from listing extensions:"
-    echo "$installed_extensions"
-    exit 1
-  fi
-
-  echo "Standalone release works correctly."
-}
-
-main "$@"

ci/dev/fmt.sh

@@ -19,7 +19,7 @@ main() {
     "*.sh"
   )
   prettier --write --loglevel=warn $(
-    git ls-files "${prettierExts[@]}" | grep -v "lib/vscode" | grep -v "vendor/modules/code-oss-dev" | grep -v 'helm-chart'
+    git ls-files "${prettierExts[@]}" | grep -v "lib/vscode" | grep -v 'helm-chart'
   )
 
   doctoc --title '# FAQ' docs/FAQ.md > /dev/null

ci/dev/lint.sh

@@ -4,10 +4,10 @@ set -euo pipefail
 main() {
   cd "$(dirname "$0")/../.."
 
-  eslint --max-warnings=0 --fix $(git ls-files "*.ts" "*.tsx" "*.js" | grep -v "vendor/modules/code-oss-dev" | grep -v "lib/vscode")
-  stylelint $(git ls-files "*.css" | grep -v "vendor/modules/code-oss-dev" | grep -v "lib/vscode")
+  eslint --max-warnings=0 --fix $(git ls-files "*.ts" "*.tsx" "*.js" | grep -v "lib/vscode")
+  stylelint $(git ls-files "*.css" | grep -v "lib/vscode")
   tsc --noEmit --skipLibCheck
-  shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files "*.sh" | grep -v "vendor/modules/code-oss-dev" | grep -v "lib/vscode")
+  shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files "*.sh" | grep -v "lib/vscode")
   if command -v helm && helm kubeval --help > /dev/null; then
     helm kubeval ci/helm-chart
   fi

ci/dev/postinstall.sh

@@ -1,50 +1,39 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+# Install dependencies in $1.
+install-deps() {
+  local args=(install)
+  if [[ ${CI-} ]]; then
+    args+=(--frozen-lockfile)
+  fi
+  if [[ "$1" == "lib/vscode" ]]; then
+    args+=(--no-default-rc)
+  fi
+  # If there is no package.json then yarn will look upward and end up installing
+  # from the root resulting in an infinite loop (this can happen if you have not
+  # checked out the submodule yet for example).
+  if [[ ! -f "$1/package.json" ]]; then
+    echo "$1/package.json is missing; did you run git submodule update --init?"
+    exit 1
+  fi
+  pushd "$1"
+  echo "Installing dependencies for $PWD"
+  yarn "${args[@]}"
+  popd
+}
+
 main() {
   cd "$(dirname "$0")/../.."
   source ./ci/lib.sh
 
-  pushd test
-  echo "Installing dependencies for $PWD"
-  yarn install
-  popd
-
-  local args=(install)
-  if [[ ${CI-} ]]; then
-    args+=(--frozen-lockfile)
+  install-deps test
+  install-deps test/e2e/extensions/test-extension
+  # We don't need these when running the integration tests
+  # so you can pass SKIP_SUBMODULE_DEPS
+  if [[ ! ${SKIP_SUBMODULE_DEPS-} ]]; then
+    install-deps lib/vscode
   fi
-
-  pushd test
-  echo "Installing dependencies for $PWD"
-  yarn "${args[@]}"
-  popd
-
-  pushd test/e2e/extensions/test-extension
-  echo "Installing dependencies for $PWD"
-  yarn "${args[@]}"
-  popd
-
-  pushd vendor
-  echo "Installing dependencies for $PWD"
-
-  # We install in 'modules' instead of 'node_modules' because VS Code's
-  # extensions use a webpack config which cannot differentiate between its own
-  # node_modules and itself being in a directory with the same name.
-  args+=(--modules-folder modules)
-
-  # We ignore scripts because NPM/Yarn's default behavior is to assume that
-  # devDependencies are not needed, and that even git repo based packages are
-  # assumed to be compiled. Because the default behavior for VS Code's
-  # `postinstall` assumes we're also compiled, this needs to be ignored.
-  args+=(--ignore-scripts)
-
-  yarn "${args[@]}"
-
-  # Finally, run the vendor `postinstall`
-  yarn run postinstall
-
-  popd
 }
 
 main "$@"

ci/dev/test-e2e.sh

@@ -37,7 +37,7 @@ main() {
     exit 1
   fi
 
-  if [[ ! -d $dir/vendor/modules/code-oss-dev/out ]]; then
+  if [[ ! -d $dir/lib/vscode/out ]]; then
     echo >&2 "No VS Code build detected"
     help
     exit 1

ci/dev/test-integration.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+help() {
+  echo >&2 "  You can build the standalone release with 'yarn release:standalone'"
+  echo >&2 "  Or you can pass in a custom path."
+  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' yarn test:integration"
+}
+
+# Make sure a code-server release works. You can pass in the path otherwise it
+# will look for release-standalone in the current directory.
+#
+# This is to make sure we don't have Node version errors or any other
+# compilation-related errors.
+main() {
+  cd "$(dirname "$0")/../.."
+
+  source ./ci/lib.sh
+
+  local path="$RELEASE_PATH-standalone/bin/code-server"
+  if [[ ! ${CODE_SERVER_PATH-} ]]; then
+    echo "Set CODE_SERVER_PATH to test another build of code-server"
+  else
+    path="$CODE_SERVER_PATH"
+  fi
+
+  echo "Running tests with code-server binary: '$path'"
+
+  if [[ ! -f $path ]]; then
+    echo >&2 "No code-server build detected"
+    echo >&2 "Looked in $path"
+    help
+    exit 1
+  fi
+
+  CODE_SERVER_PATH="$path" CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
+}
+
+main "$@"

ci/dev/test-unit.sh

@@ -14,17 +14,23 @@ main() {
   # Our code imports from `out` in order to work during development but if you
   # have only built for production you will have not have this directory.  In
   # that case symlink `out` to a production build directory.
-  local vscode="vendor/modules/code-oss-dev"
-  local link="$vscode/out"
-  local target="out-build"
-  if [[ ! -e $link ]] && [[ -d $vscode/$target ]]; then
-    ln -s "$target" "$link"
+  if [[ ! -e lib/vscode/out ]]; then
+    pushd lib
+    local out=(vscode-reh-web-*)
+    if [[ -d "${out[0]}" ]]; then
+      ln -s "../${out[0]}/out" ./vscode/out
+    else
+      echo "Could not find lib/vscode/out or lib/vscode-reh-web-*"
+      echo "Code must be built before running unit tests"
+      exit 1
+    fi
+    popd
   fi
 
   # We must keep jest in a sub-directory. See ../../test/package.json for more
   # information. We must also run it from the root otherwise coverage will not
   # include our source files.
-  CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@"
+  CS_DISABLE_PLUGINS=true ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts" --testPathIgnorePatterns "./test/unit/node/test-plugin"
 }
 
 main "$@"

ci/dev/watch.ts

@@ -14,7 +14,7 @@ class Watcher {
   private rootPath = path.resolve(process.cwd())
   private readonly paths = {
     /** Path to uncompiled VS Code source. */
-    vscodeDir: path.join(this.rootPath, "vendor", "modules", "code-oss-dev"),
+    vscodeDir: path.join(this.rootPath, "lib/vscode"),
     pluginDir: process.env.PLUGIN_DIR,
   }
 

ci/helm-chart/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.1.0
+version: 3.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.0.2
+appVersion: 4.6.0

ci/helm-chart/templates/deployment.yaml

@@ -25,6 +25,9 @@ spec:
       {{- if .Values.hostnameOverride }}
       hostname: {{ .Values.hostnameOverride }}
       {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
       {{- if .Values.securityContext.enabled }}
       securityContext:
         fsGroup: {{ .Values.securityContext.fsGroup }}
@@ -59,6 +62,17 @@ spec:
           securityContext:
             runAsUser: {{ .Values.securityContext.runAsUser }}
           {{- end }}
+          {{- if .Values.lifecycle.enabled }}
+          lifecycle:
+            {{- if .Values.lifecycle.postStart }}
+            postStart:
+              {{ toYaml .Values.lifecycle.postStart | nindent 14 }}
+            {{- end }}
+            {{- if .Values.lifecycle.preStop }}
+            preStop:
+              {{ toYaml .Values.lifecycle.preStop | nindent 14 }}
+            {{- end }}
+          {{- end }}
           env:
         {{- if .Values.extraVars }}
 {{ toYaml .Values.extraVars | indent 10 }}
@@ -116,7 +130,7 @@ spec:
       {{- end }}
     {{- with .Values.affinity }}
       affinity:
-        {{- toYaml . | nindent 8 }}
+        {{- tpl . $ | nindent 8 }}
     {{- end }}
     {{- with .Values.tolerations }}
       tolerations:

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.0.2'
+  tag: '4.6.0'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a
@@ -33,6 +33,8 @@ podAnnotations: {}
 podSecurityContext: {}
   # fsGroup: 2000
 
+priorityClassName: ""
+
 service:
   type: ClusterIP
   port: 8080
@@ -70,6 +72,8 @@ extraArgs: []
 extraVars: []
 #  - name: DISABLE_TELEMETRY
 #    value: true
+#  - name: DOCKER_HOST
+#    value: "tcp://localhost:2375"
 
 ##
 ## Init containers parameters:
@@ -123,9 +127,19 @@ persistence:
   # existingClaim: ""
   # hostPath: /data
 
+lifecycle:
+  enabled: false
+  # postStart:
+  #  exec:
+  #    command:
+  #      - /bin/bash
+  #      - -c
+  #      - curl -s -L SOME_SCRIPT | bash
+
 ## Enable an Specify container in extraContainers.
 ## This is meant to allow adding code-server dependencies, like docker-dind.
 extraContainers: |
+# If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars"
 #- name: docker-dind
 #  image: docker:19.03-dind
 #  imagePullPolicy: IfNotPresent
@@ -142,6 +156,25 @@ extraContainers: |
 #  - name: DOCKER_DRIVER
 #    value: "overlay2"
 
+extraInitContainers: |
+# - name: customization
+#   image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+#   imagePullPolicy: IfNotPresent
+#   env:
+#     - name: SERVICE_URL
+#       value: https://open-vsx.org/vscode/gallery
+#     - name: ITEM_URL
+#       value: https://open-vsx.org/vscode/item
+#   command:
+#     - sh
+#     - -c
+#     - |
+#       code-server --install-extension ms-python.python
+#       code-server --install-extension golang.Go
+#   volumeMounts:
+#     - name: data
+#       mountPath: /home/coder
+
 ## Additional code-server secret mounts
 extraSecretMounts: []
   # - name: secret-files

ci/lib.sh

@@ -14,39 +14,34 @@ pkg_json_version() {
 }
 
 vscode_version() {
-  jq -r .version vendor/modules/code-oss-dev/package.json
+  jq -r .version lib/vscode/package.json
 }
 
 os() {
-  local os
-  os=$(uname | tr '[:upper:]' '[:lower:]')
-  if [[ $os == "linux" ]]; then
-    # Alpine's ldd doesn't have a version flag but if you use an invalid flag
-    # (like --version) it outputs the version to stderr and exits with 1.
-    local ldd_output
-    ldd_output=$(ldd --version 2>&1 || true)
-    if echo "$ldd_output" | grep -iq musl; then
-      os="alpine"
-    fi
-  elif [[ $os == "darwin" ]]; then
-    os="macos"
-  fi
-  echo "$os"
+  osname=$(uname | tr '[:upper:]' '[:lower:]')
+  case $osname in
+    linux)
+      # Alpine's ldd doesn't have a version flag but if you use an invalid flag
+      # (like --version) it outputs the version to stderr and exits with 1.
+      # TODO: Better to check /etc/os-release; see ../install.sh.
+      ldd_output=$(ldd --version 2>&1 || true)
+      if echo "$ldd_output" | grep -iq musl; then
+        osname="alpine"
+      fi
+      ;;
+    darwin) osname="macos" ;;
+    cygwin* | mingw*) osname="windows" ;;
+  esac
+  echo "$osname"
 }
 
 arch() {
   cpu="$(uname -m)"
   case "$cpu" in
-    aarch64)
-      echo arm64
-      ;;
-    x86_64 | amd64)
-      echo amd64
-      ;;
-    *)
-      echo "$cpu"
-      ;;
+    aarch64) cpu=arm64 ;;
+    x86_64) cpu=amd64 ;;
   esac
+  echo "$cpu"
 }
 
 # Grabs the most recent ci.yaml github workflow run that was triggered from the
@@ -57,7 +52,7 @@ arch() {
 # https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
 get_artifacts_url() {
   local artifacts_url
-  local version_branch="v$VERSION"
+  local version_branch="release/v$VERSION"
   local workflow_runs_url="repos/:owner/:repo/actions/workflows/ci.yaml/runs?event=pull_request&branch=$version_branch"
   artifacts_url=$(gh api "$workflow_runs_url" | jq -r ".workflow_runs[] | select(.head_branch == \"$version_branch\") | .artifacts_url" | head -n 1)
   if [[ -z "$artifacts_url" ]]; then
@@ -104,21 +99,3 @@ export OS
 # RELEASE_PATH is the destination directory for the release from the root.
 # Defaults to release
 RELEASE_PATH="${RELEASE_PATH-release}"
-
-# VS Code bundles some modules into an asar which is an archive format that
-# works like tar. It then seems to get unpacked into node_modules.asar.
-#
-# I don't know why they do this but all the dependencies they bundle already
-# exist in node_modules so just symlink it. We have to do this since not only VS
-# Code itself but also extensions will look specifically in this directory for
-# files (like the ripgrep binary or the oniguruma wasm).
-symlink_asar() {
-  rm -rf node_modules.asar
-  if [ "${WINDIR-}" ]; then
-    # mklink takes the link name first.
-    mklink /J node_modules.asar node_modules
-  else
-    # ln takes the link name second.
-    ln -s node_modules node_modules.asar
-  fi
-}

ci/release-image/Dockerfile

@@ -1,3 +1,8 @@
+# syntax=docker/dockerfile:experimental
+
+FROM scratch AS packages
+COPY release-packages/code-server*.deb /tmp/
+
 FROM debian:11
 
 RUN apt-get update \
@@ -34,9 +39,12 @@ RUN ARCH="$(dpkg --print-architecture)" && \
     mkdir -p /etc/fixuid && \
     printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
 
-COPY release-packages/code-server*.deb /tmp/
 COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
-RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
+RUN --mount=from=packages,src=/tmp,dst=/tmp/packages dpkg -i /tmp/packages/code-server*$(dpkg --print-architecture).deb
+
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+ENV ENTRYPOINTD=${HOME}/entrypoint.d
 
 EXPOSE 8080
 # This way, if someone sets $DOCKER_USER, docker-exec will still work as

ci/release-image/docker-bake.hcl

@@ -15,6 +15,8 @@ target "code-server" {
     tags = [
         "docker.io/codercom/code-server:latest",
         notequal("latest",VERSION) ? "docker.io/codercom/code-server:${VERSION}" : "",
+        "ghcr.io/coder/code-server:latest",
+        notequal("latest",VERSION) ? "ghcr.io/coder/code-server:${VERSION}" : "",
     ]
     platforms = ["linux/amd64", "linux/arm64"]
 }

ci/release-image/entrypoint.sh

@@ -18,4 +18,10 @@ if [ "${DOCKER_USER-}" ]; then
   fi
 fi
 
+# Allow users to have scripts run on container startup to prepare workspace.
+# https://github.com/coder/code-server/issues/5177
+if [ -d "${ENTRYPOINTD}" ]; then
+  find "${ENTRYPOINTD}" -type f -executable -print -exec {} \;
+fi
+
 exec dumb-init /usr/bin/code-server "$@"

ci/steps/brew-bump.sh

@@ -2,7 +2,6 @@
 set -euo pipefail
 
 main() {
-  cd "$(dirname "$0")/../.."
   # Only sourcing this so we get access to $VERSION
   source ./ci/lib.sh
   source ./ci/steps/steps-lib.sh
@@ -21,94 +20,18 @@ main() {
     exit 1
   fi
 
-  # NOTE: we need to make sure coderci/homebrew-core
-  # is up-to-date
-  # otherwise, brew bump-formula-pr will use an
-  # outdated base
-  echo "Cloning coderci/homebrew-core"
-  git clone https://github.com/coderci/homebrew-core.git
-
-  # Make sure the git clone step is successful
-  if directory_exists "homebrew-core"; then
-    echo "git clone failed. Cannot find homebrew-core directory."
-    ls -la
-    exit 1
-  fi
-
-  echo "Changing into homebrew-core directory"
-  pushd homebrew-core && pwd
-
-  echo "Adding Homebrew/homebrew-core"
-  git remote add upstream https://github.com/Homebrew/homebrew-core.git
-
-  # Make sure the git remote step is successful
-  if ! git config remote.upstream.url > /dev/null; then
-    echo "git remote add upstream failed."
-    echo "Could not find upstream in list of remotes."
-    git remote -v
-    exit 1
-  fi
-
-  # TODO@jsjoeio - can I somehow check that this succeeded?
-  echo "Fetching upstream Homebrew/hombrew-core commits"
-  git fetch upstream
-
-  # TODO@jsjoeio - can I somehow check that this succeeded?
-  echo "Merging in latest Homebrew/homebrew-core changes"
-  git merge upstream/master
-
-  echo "Pushing changes to coderci/homebrew-core fork on GitHub"
-
-  # GIT_ASKPASS lets us use the password when pushing without revealing it in the process list
-  # See: https://serverfault.com/a/912788
-  PATH_TO_GIT_ASKPASS="$HOME/git-askpass.sh"
-  # Source: https://serverfault.com/a/912788
-  # shellcheck disable=SC2016,SC2028
-  echo 'echo $HOMEBREW_GITHUB_API_TOKEN' > "$PATH_TO_ASKPASS"
-
-  # Make sure the git-askpass.sh file creation is successful
-  if file_exists "$PATH_TO_GIT_ASKPASS"; then
-    echo "git-askpass.sh not found in $HOME."
-    ls -la "$HOME"
-    exit 1
-  fi
-
-  # Ensure it's executable since we just created it
-  chmod +x "$PATH_TO_GIT_ASKPASS"
-
-  # Make sure the git-askpass.sh file is executable
-  if is_executable "$PATH_TO_GIT_ASKPASS"; then
-    echo "$PATH_TO_GIT_ASKPASS is not executable."
-    ls -la "$PATH_TO_GIT_ASKPASS"
-    exit 1
-  fi
-
-  # Export the variables so git sees them
-  export HOMEBREW_GITHUB_API_TOKEN="$HOMEBREW_GITHUB_API_TOKEN"
-  export GIT_ASKPASS="$PATH_TO_ASKPASS"
-  git push https://coder-oss@github.com/coder-oss/homebrew-core.git --all
-
   # Find the docs for bump-formula-pr here
   # https://github.com/Homebrew/brew/blob/master/Library/Homebrew/dev-cmd/bump-formula-pr.rb#L18
   local output
-  if ! output=$(brew bump-formula-pr --version="${VERSION}" code-server --no-browse --no-audit 2>&1); then
+  if ! output=$(brew bump-formula-pr --version="${VERSION}" code-server --no-browse --no-audit --message="PR opened by @${GITHUB_ACTOR}" 2>&1); then
     if [[ $output == *"Duplicate PRs should not be opened"* ]]; then
       echo "$VERSION is already submitted"
+      exit 0
     else
       echo "$output"
       exit 1
     fi
   fi
-
-  # Clean up and remove homebrew-core
-  popd
-  rm -rf homebrew-core
-
-  # Make sure homebrew-core is removed
-  if directory_exists "homebrew-core"; then
-    echo "rm -rf homebrew-core failed."
-    ls -la
-  fi
 }
 
 main "$@"

ci/steps/docker-buildx-push.sh

@@ -3,13 +3,13 @@ set -euo pipefail
 
 main() {
   cd "$(dirname "$0")/../.."
-
-  # ci/lib.sh sets VERSION and provides download_artifact here
+  # ci/lib.sh sets VERSION so it's available to ci/release-image/docker-bake.hcl
+  # to push the VERSION tag.
   source ./ci/lib.sh
 
-  # Download the release-packages artifact
-  download_artifact release-packages ./release-packages
-
+  # NOTE@jsjoeio - this script assumes that you've downloaded
+  # the release-packages artifact to ./release-packages before
+  # running this docker buildx step
   docker buildx bake -f ci/release-image/docker-bake.hcl --push
 }
 

ci/steps/publish-npm.sh

@@ -13,14 +13,6 @@ main() {
     exit 1
   fi
 
-  # NOTE@jsjoeio - only needed if we use the download_artifact
-  # because we talk to the GitHub API.
-  # Needed to use GitHub API
-  if ! is_env_var_set "GITHUB_TOKEN"; then
-    echo "GITHUB_TOKEN is not set. Cannot download npm release artifact without GitHub credentials."
-    exit 1
-  fi
-
   ## Publishing Information
   # All the variables below are used to determine how we should publish
   # the npm package. We also use this information for bumping the version.
@@ -51,6 +43,13 @@ main() {
     exit 1
   fi
 
+  # Check that we're using at least v7 of npm CLI
+  if ! command -v jq &> /dev/null; then
+    echo "Couldn't find jq"
+    echo "We need this in order to modify the package.json for dev builds."
+    exit 1
+  fi
+
   # This allows us to publish to npm in CI workflows
   if [[ ${CI-} ]]; then
     echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
@@ -82,9 +81,9 @@ main() {
   # https://github.com/actions/upload-artifact/issues/38
   tar -xzf release-npm-package/package.tar.gz
 
-  # Ignore symlink when publishing npm package
-  # See: https://github.com/coder/code-server/pull/3935
-  echo "node_modules.asar" > release/.npmignore
+  # We use this to set the name of the package in the
+  # package.json
+  PACKAGE_NAME="code-server"
 
   # NOTES:@jsjoeio
   # We only need to run npm version for "development" and "staging".
@@ -112,12 +111,14 @@ main() {
       # Source: https://github.com/actions/checkout/issues/58#issuecomment-614041550
       PR_NUMBER=$(echo "$GITHUB_REF" | awk 'BEGIN { FS = "/" } ; { print $3 }')
       NPM_VERSION="$VERSION-$PR_NUMBER-$COMMIT_SHA"
+      PACKAGE_NAME="@coder/code-server-pr"
       # This means the npm version will be tagged with "<pr number>"
       # and installed when a user runs `yarn install code-server@<pr number>`
       NPM_TAG="$PR_NUMBER"
     fi
 
     echo "using tag: $NPM_TAG"
+    echo "using package name: $PACKAGE_NAME"
 
     # We modify the version in the package.json
     # to be the current version + the PR number + commit SHA
@@ -125,9 +126,17 @@ main() {
     # Example: "version": "4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040"
     # Example: "version": "4.0.1-beta-ad7b23cfe6ffd72914e34781ef7721b129a23040"
     pushd release
-    # NOTE:@jsjoeio
+    # NOTE@jsjoeio
     # I originally tried to use `yarn version` but ran into issues and abandoned it.
     npm version "$NPM_VERSION"
+    # NOTE@jsjoeio
+    # Use the development package name
+    # This is so we don't clutter the code-server versions on npm
+    # with development versions.
+    # jq can't edit in place so we must store in memory and echo
+    local contents
+    contents="$(jq ".name |= \"$PACKAGE_NAME\"" package.json)"
+    echo "${contents}" > package.json
     popd
   fi
 
@@ -141,7 +150,10 @@ main() {
     return
   fi
 
-  yarn publish --non-interactive release --tag "$NPM_TAG"
+  # NOTE@jsjoeio
+  # Since the dev builds are scoped to @coder
+  # We pass --access public to ensure npm knows it's not private.
+  yarn publish --non-interactive release --tag "$NPM_TAG" --access public
 }
 
 main "$@"

docs/CONTRIBUTING.md

@@ -7,8 +7,12 @@
 - [Creating pull requests](#creating-pull-requests)
   - [Commits and commit history](#commits-and-commit-history)
 - [Development workflow](#development-workflow)
-  - [Updates to VS Code](#updates-to-vs-code)
+  - [Version updates to Code](#version-updates-to-code)
+  - [Patching Code](#patching-code)
   - [Build](#build)
+  - [Troubleshooting](#troubleshooting)
+    - [I see "Forbidden access" when I load code-server in the browser](#i-see-forbidden-access-when-i-load-code-server-in-the-browser)
+  - ["Can only have one anonymous define call per script"](#can-only-have-one-anonymous-define-call-per-script)
   - [Help](#help)
 - [Test](#test)
   - [Unit tests](#unit-tests)
@@ -16,7 +20,7 @@
   - [Integration tests](#integration-tests)
   - [End-to-end tests](#end-to-end-tests)
 - [Structure](#structure)
-  - [Modifications to VS Code](#modifications-to-vs-code)
+  - [Modifications to Code](#modifications-to-code)
   - [Currently Known Issues](#currently-known-issues)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -30,7 +34,7 @@ for [VS
 Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 Here is what is needed:
 
-- `node` v14.x
+- `node` v16.x
 - `git` v2.x or greater
 - [`git-lfs`](https://git-lfs.github.com)
 - [`yarn`](https://classic.yarnpkg.com/en/)
@@ -44,6 +48,8 @@ Here is what is needed:
     signature
     verification](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification)
     or follow [this tutorial](https://joeprevite.com/verify-commits-on-github)
+- `quilt`
+  - Used to manage patches to Code
 - `rsync` and `unzip`
   - Used for code-server releases
 - `bats`
@@ -57,7 +63,7 @@ If you're developing code-server on Linux, make sure you have installed or insta
 sudo apt-get install build-essential g++ libx11-dev libxkbfile-dev libsecret-1-dev python-is-python3
 ```
 
-These are required by VS Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites) for more information.
+These are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites) for more information.
 
 ## Creating pull requests
 
@@ -78,41 +84,46 @@ we'll guide you.
 
 ## Development workflow
 
-The current development workflow is a bit tricky because we have this repo and we use our `coder/vscode` fork inside it with [`yarn link`](https://classic.yarnpkg.com/lang/en/docs/cli/link/).
-
-Here are these steps you should follow to get your dev environment setup:
-
 1. `git clone https://github.com/coder/code-server.git` - Clone `code-server`
-2. `git clone https://github.com/coder/vscode.git` - Clone `vscode`
-3. `cd vscode && yarn install` - install the dependencies in the `vscode` repo
-4. `cd code-server && yarn install` - install the dependencies in the `code-server` repo
-5. `cd vscode && yarn link` - use `yarn` to create a symlink to the `vscode` repo (`code-oss-dev` package)
-6. `cd code-server && yarn link code-oss-dev --modules-folder vendor/modules` - links your local `vscode` repo (`code-oss-dev` package) inside your local version of code-server
-7. `cd code-server && yarn watch` - this will spin up code-server on localhost:8080 which you can start developing. It will live reload changes to the source.
+2. `git submodule update --init` - Clone `vscode` submodule
+3. `quilt push -a` - Apply patches to the `vscode` submodule.
+4. `yarn` - Install dependencies
+5. `yarn watch` - Launch code-server localhost:8080. code-server will be live
+   reloaded when changes are made; the browser needs to be refreshed manually.
 
-### Updates to VS Code
+When pulling down changes that include modifications to the patches you will
+need to apply them with `quilt`. If you pull down changes that update the
+`vscode` submodule you will need to run `git submodule update --init` and
+re-apply the patches.
 
-If changes are made and merged into `main` in the [`coder/vscode`](https://github.com/coder/vscode) repo, then you'll need to update the version in the `code-server` repo by following these steps:
+### Version updates to Code
 
-1. Update the package tag listed in `vendor/package.json`:
-
-```json
-{
-  "devDependencies": {
-    "vscode": "coder/vscode#<latest-commit-sha>"
-  }
-}
-```
-
-2. From the code-server **project root**, run `yarn install`.
-   Then, test code-server locally to make sure everything works.
-3. Check the Node.js version that's used by Electron (which is shipped with VS
+1. Update the `lib/vscode` submodule to the desired upstream version branch.
+   1. `cd lib/vscode && git checkout release/1.66 && cd ../..`
+   2. `git add lib && git commit -m "chore: update Code"`
+2. Apply the patches (`quilt push -a`) or restore your stashed changes. At this
+   stage you may need to resolve conflicts. For example use `quilt push -f`,
+   manually apply the rejected portions, then `quilt refresh`.
+3. From the code-server **project root**, run `yarn install`.
+4. Test code-server locally to make sure everything works.
+5. Check the Node.js version that's used by Electron (which is shipped with VS
    Code. If necessary, update your version of Node.js to match.
-4. Open a PR
+6. Commit the updated submodule and patches to `code-server`.
+7. Open a PR.
 
-> Watch for updates to
-> `vendor/modules/code-oss-dev/src/vs/code/browser/workbench/workbench.html`. You may need to
-> make changes to `src/browser/pages/vscode.html`.
+### Patching Code
+
+0. You can go through the patch stack with `quilt push` and `quilt pop`.
+1. Create a new patch (`quilt new {name}.diff`) or use an existing patch.
+2. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file
+   **must** be added before you make changes to it.
+3. Make your changes. Patches do not need to be independent of each other but
+   each patch must result in a working code-server without any broken in-between
+   states otherwise they are difficult to test and modify.
+4. Add your changes to the patch (`quilt refresh`)
+5. Add a comment in the patch about the reason for the patch and how to
+   reproduce the behavior it fixes or adds. Every patch should have an e2e test
+   as well.
 
 ### Build
 
@@ -124,11 +135,13 @@ yarn build:vscode
 yarn release
 ```
 
+_NOTE: this does not keep `node_modules`. If you want them to be kept, use `KEEP_MODULES=1 yarn release` (if you're testing in Coder, you'll want to do this)_
+
 Run your build:
 
 ```shell
 cd release
-yarn --production
+yarn --production # Skip if you used KEEP_MODULES=1
 # Runs the built JavaScript with Node.
 node .
 ```
@@ -137,7 +150,7 @@ Build the release packages (make sure that you run `yarn release` first):
 
 ```shell
 yarn release:standalone
-yarn test:standalone-release
+yarn test:integration
 yarn package
 ```
 
@@ -146,6 +159,18 @@ yarn package
 > If you need your builds to support older distros, run the build commands
 > inside a Docker container with all the build requirements installed.
 
+### Troubleshooting
+
+#### I see "Forbidden access" when I load code-server in the browser
+
+This means your patches didn't apply correctly. We have a patch to remove the auth from vanilla Code because we use our own.
+
+Try popping off the patches with `quilt pop -a` and reapplying with `quilt push -a`.
+
+### "Can only have one anonymous define call per script"
+
+Code might be trying to use a dev or prod HTML in the wrong context. You can try re-running code-server and setting `VSCODE_DEV=1`.
+
 ### Help
 
 If you get stuck or need help, you can always start a new GitHub Discussion [here](https://github.com/coder/code-server/discussions). One of the maintainers will respond and help you out.
@@ -178,9 +203,8 @@ We use these to test anything related to our scripts (most of which live under `
 
 ### Integration tests
 
-These are a work in progress. We build code-server and run a script called
-[test-standalone-release.sh](../ci/build/test-standalone-release.sh), which
-ensures that code-server's CLI is working.
+These are a work in progress. We build code-server and run tests with `yarn test:integration`, which ensures that code-server builds work on their respective
+platforms.
 
 Our integration tests look at components that rely on one another. For example,
 testing the CLI requires us to build and package code-server.
@@ -208,99 +232,46 @@ code-server running locally. In CI, this is taken care of for you.
 
 ## Structure
 
-The `code-server` script serves as an HTTP API for login and starting a remote VS
+The `code-server` script serves as an HTTP API for login and starting a remote
 Code process.
 
 The CLI code is in [src/node](../src/node) and the HTTP routes are implemented
 in [src/node/routes](../src/node/routes).
 
-Most of the meaty parts are in the VS Code portion of the codebase under
-[vendor/modules/code-oss-dev](../vendor/modules/code-oss-dev), which we describe next.
+Most of the meaty parts are in the Code portion of the codebase under
+[lib/vscode](../lib/vscode), which we describe next.
 
-### Modifications to VS Code
+### Modifications to Code
 
-In v1 of code-server, we had a patch of VS Code that split the codebase into a
-front-end and a server. The front-end consisted of the UI code, while the server
-ran the extensions and exposed an API to the front-end for file access and all
-UI needs.
+Our modifications to Code can be found in the [patches](../patches) directory.
+We pull in Code as a submodule pointing to an upstream release branch.
 
-Over time, Microsoft added support to VS Code to run it on the web. They have
-made the front-end open source, but not the server. As such, code-server v2 (and
-later) uses the VS Code front-end and implements the server. We do this by using
-a Git subtree to fork and modify VS Code. This code lives under
-[vendor/modules/code-oss-dev](../vendor/modules/code-oss-dev).
+In v1 of code-server, we had Code as a submodule and used a single massive patch
+that split the codebase into a front-end and a server. The front-end consisted
+of the UI code, while the server ran the extensions and exposed an API to the
+front-end for file access and all UI needs.
 
-Some noteworthy changes in our version of VS Code include:
+Over time, Microsoft added support to Code to run it on the web. They had made
+the front-end open source, but not the server. As such, code-server v2 (and
+later) uses the Code front-end and implements the server. We did this by using a
+Git subtree to fork and modify Code.
 
-- Adding our build file, [`vendor/modules/code-oss-dev/coder.js`](../vendor/modules/code-oss-dev/coder.js), which includes build steps specific to code-server
-- Node.js version detection changes in [`build/lib/node.ts`](../vendor/modules/code-oss-dev/build/lib/node.ts) and [`build/lib/util.ts`](../vendor/modules/code-oss-dev/build/lib/util.ts)
-- Allowing extra extension directories
-  - Added extra arguments to [`src/vs/platform/environment/common/argv.ts`](../vendor/modules/code-oss-dev/src/vs/platform/environment/common/argv.ts) and to [`src/vs/platform/environment/node/argv.ts`](../vendor/modules/code-oss-dev/src/vs/platform/environment/node/argv.ts)
-  - Added extra environment state to [`src/vs/platform/environment/common/environment.ts`](../vendor/modules/code-oss-dev/src/vs/platform/environment/common/environment.ts);
-  - Added extra getters to [`src/vs/platform/environment/common/environmentService.ts`](../vendor/modules/code-oss-dev/src/vs/platform/environment/common/environmentService.ts)
-  - Added extra scanning paths to [`src/vs/platform/extensionManagement/node/extensionsScanner.ts`](../vendor/modules/code-oss-dev/src/vs/platform/extensionManagement/node/extensionsScanner.ts)
-- Additions/removals from [`package.json`](../vendor/modules/code-oss-dev/package.json):
-  - Removing `electron`, `keytar` and `native-keymap` to avoid pulling in desktop dependencies during build on Linux
-  - Removing `gulp-azure-storage` and `gulp-tar` (unsued in our build process, may pull in outdated dependencies)
-  - Adding `proxy-agent`, `proxy-from-env` (for proxying) and `rimraf` (used during build/install steps)
-- Adding our branding/custom URLs/version:
-  - [`product.json`](../vendor/modules/code-oss-dev/product.json)
-  - [`src/vs/base/common/product.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/product.ts)
-  - [`src/vs/workbench/browser/parts/dialogs/dialogHandler.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts)
-  - [`src/vs/workbench/contrib/welcome/page/browser/vs_code_welcome_page.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/contrib/welcome/page/browser/vs_code_welcome_page.ts)
-  - [`src/vs/workbench/contrib/welcome/page/browser/welcomePage.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/contrib/welcome/page/browser/welcomePage.ts)
-- Removing azure/macOS signing related dependencies from [`build/package.json`](../vendor/modules/code-oss-dev/build/package.json)
-- Modifying `.gitignore` to allow us to add files to `src/vs/server` and modifying `.eslintignore` to ignore lint on the shared files below (we use different formatter settings than VS Code).
-- Sharing some files with our codebase via symlinks:
-  - [`src/vs/base/common/ipc.d.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/ipc.d.ts) points to [`typings/ipc.d.ts`](../typings/ipc.d.ts)
-  - [`src/vs/base/common/util.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/util.ts) points to [`src/common/util.ts`](../src/common/util.ts)
-  - [`src/vs/base/node/proxy_agent.ts`](../vendor/modules/code-oss-dev/src/vs/base/node/proxy_agent.ts) points to [`src/node/proxy_agent.ts`](../src/node/proxy_agent.ts)
-- Allowing socket changes by adding `setSocket` in [`src/vs/base/parts/ipc/common/ipc.net.ts`](../vendor/modules/code-oss-dev/src/vs/base/parts/ipc/common/ipc.net.ts)
-  - We use this for connection persistence in our server-side code.
-- Added our server-side Node.JS code to `src/vs/server`.
-  - This code includes the logic to spawn the various services (extension host, terminal, etc.) and some glue
-- Added [`src/vs/workbench/browser/client.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/browser/client.ts) to hold some server customizations.
-  - Includes the functionality for the Log Out command and menu item
-  - Also, imported and called `initialize` from the main web file, [`src/vs/workbench/browser/web.main.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/browser/web.main.ts)
-- Added a (hopefully temporary) hotfix to [`src/vs/workbench/common/resources.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/common/resources.ts) to get context menu actions working for the Git integration.
-- Added connection type to WebSocket query parameters in [`src/vs/platform/remote/common/remoteAgentConnection.ts`](../vendor/modules/code-oss-dev/src/vs/platform/remote/common/remoteAgentConnection.ts)
-- Added `CODE_SERVER*` variables to the sanitization list in [`src/vs/base/common/processes.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/processes.ts)
-- Fix localization support:
-  - Added file [`src/vs/workbench/services/localizations/browser/localizationsService.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/localizations/browser/localizationsService.ts).
-  - Modified file [`src/vs/base/common/platform.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/platform.ts)
-  - Modified file [`src/vs/base/node/languagePacks.js`](../vendor/modules/code-oss-dev/src/vs/base/node/languagePacks.js)
-- Added code to allow server to inject settings to [`src/vs/platform/product/common/product.ts`](../vendor/modules/code-oss-dev/src/vs/platform/product/common/product.ts)
-- Extension fixes:
-  - Avoid disabling extensions by extensionKind in [`src/vs/workbench/services/extensionManagement/browser/extensionEnablementService.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/extensionManagement/browser/extensionEnablementService.ts) (Needed for vscode-icons)
-  - Remove broken symlinks in [`extensions/postinstall.js`](../vendor/modules/code-oss-dev/extensions/postinstall.js)
-  - Add tip about extension gallery in [`src/vs/workbench/contrib/extensions/browser/extensionsViewlet.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/contrib/extensions/browser/extensionsViewlet.ts)
-  - Use our own server for GitHub authentication in [`extensions/github-authentication/src/githubServer.ts`](../vendor/modules/code-oss-dev/extensions/github-authentication/src/githubServer.ts)
-  - Settings persistence on the server in [`src/vs/workbench/services/environment/browser/environmentService.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/environment/browser/environmentService.ts)
-  - Add extension install fallback in [`src/vs/workbench/services/extensionManagement/common/extensionManagementService.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/extensionManagement/common/extensionManagementService.ts)
-  - Add proxy-agent monkeypatch and keep extension host indefinitely running in [`src/vs/workbench/services/extensions/node/extensionHostProcessSetup.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/extensions/node/extensionHostProcessSetup.ts)
-  - Patch build system to avoid removing extension dependencies for `yarn global add` users in [`build/lib/extensions.ts`](../vendor/modules/code-oss-dev/build/lib/extensions.ts)
-  - Allow all extensions to use proposed APIs in [`src/vs/workbench/services/environment/browser/environmentService.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/services/environment/browser/environmentService.ts)
-  - Make storage writes async to allow extensions to wait for them to complete in [`src/vs/platform/storage/common/storage.ts`](../vendor/modules/code-oss-dev/src/vs/platform/storage/common/storage.ts)
-- Specify webview path in [`src/vs/code/browser/workbench/workbench.ts`](../vendor/modules/code-oss-dev/src/vs/code/browser/workbench/workbench.ts)
-- URL readability improvements for folder/workspace in [`src/vs/code/browser/workbench/workbench.ts`](../vendor/modules/code-oss-dev/src/vs/code/browser/workbench/workbench.ts)
-- Socket/Authority-related fixes (for remote proxying etc.):
-  - [`src/vs/code/browser/workbench/workbench.ts`](../vendor/modules/code-oss-dev/src/vs/code/browser/workbench/workbench.ts)
-  - [`src/vs/platform/remote/browser/browserSocketFactory.ts`](../vendor/modules/code-oss-dev/src/vs/platform/remote/browser/browserSocketFactory.ts)
-  - [`src/vs/base/common/network.ts`](../vendor/modules/code-oss-dev/src/vs/base/common/network.ts)
-- Added code to write out IPC path in [`src/vs/workbench/api/node/extHostCLIServer.ts`](../vendor/modules/code-oss-dev/src/vs/workbench/api/node/extHostCLIServer.ts)
+Microsoft eventually made the server open source and we were able to reduce our
+changes significantly. Some time later we moved back to a submodule and patches
+(managed by `quilt` this time instead of the mega-patch).
 
-As the web portion of VS Code matures, we'll be able to shrink and possibly
-eliminate our modifications. In the meantime, upgrading the VS Code version requires
-us to ensure that our changes are still applied and work as intended. In the future,
-we'd like to run VS Code unit tests against our builds to ensure that features
-work as expected.
+As the web portion of Code continues to mature, we'll be able to shrink and
+possibly eliminate our patches. In the meantime, upgrading the Code version
+requires us to ensure that our changes are still applied correctly and work as
+intended. In the future, we'd like to run Code unit tests against our builds to
+ensure that features work as expected.
 
 > We have [extension docs](../ci/README.md) on the CI and build system.
 
-If the functionality you're working on does NOT depend on code from VS Code, please
+If the functionality you're working on does NOT depend on code from Code, please
 move it out and into code-server.
 
 ### Currently Known Issues
 
-- Creating custom VS Code extensions and debugging them doesn't work
+- Creating custom Code extensions and debugging them doesn't work
 - Extension profiling and tips are currently disabled

docs/MAINTAINING.md

@@ -19,7 +19,7 @@
     - [Docker](#docker)
     - [Homebrew](#homebrew)
     - [npm](#npm)
-- [Syncing with Upstream VS Code](#syncing-with-upstream-vs-code)
+- [Syncing with upstream Code](#syncing-with-upstream-code)
 - [Testing](#testing)
 - [Documentation](#documentation)
   - [Troubleshooting](#troubleshooting)
@@ -34,7 +34,6 @@ as well as share our workflow for maintaining the project.
 Current maintainers:
 
 - @code-asher
-- @TeffenEllis
 - @jsjoeio
 
 Occasionally, other Coder employees may step in time to time to assist with code-server.
@@ -165,16 +164,18 @@ If you're the current release manager, follow these steps:
 
 ### Publishing a release
 
-1. Create a release branch called `v0.0.0` but replace with new version
+1. Create a new branch called `release/v0.0.0` (replace 0s with actual version aka v4.5.0)
+   1. If you don't do this, the `npm-brew` GitHub workflow will fail. It looks for the release artifacts under the branch pattern.
 1. Run `yarn release:prep` and type in the new version (e.g., `3.8.1`)
 1. GitHub Actions will generate the `npm-package`, `release-packages` and
    `release-images` artifacts. You do not have to wait for this step to complete
    before proceeding.
 1. Run `yarn release:github-draft` to create a GitHub draft release from the
-   template with the updated version.
+   template with the updated version. Make sure to update the `CHANGELOG.md`.
+1. Bump chart version in `Chart.yaml`.
 1. Summarize the major changes in the release notes and link to the relevant
    issues.
-1. Change the @ to target the version branch. Example: `v3.9.0 @ Target: v3.9.0`
+1. Change the @ to target the version branch. Example: `v3.9.0 @ Target: release/v3.9.0`
 1. Wait for the `npm-package`, `release-packages` and `release-images` artifacts
    to build.
 1. Run `yarn release:github-assets` to download the `release-packages` artifact.
@@ -215,18 +216,9 @@ We publish code-server as a npm package [here](https://www.npmjs.com/package/cod
 
 This is currently automated with the release process.
 
-## Syncing with Upstream VS Code
+## Syncing with upstream Code
 
-The VS Code portion of code-server lives under [`coder/vscode`](https://github.com/coder/vscode). To update VS Code for code-server, follow these steps:
-
-1. `git checkout -b vscode-update` - Create a new branch locally based off `main`
-2. `git fetch upstream` - Fetch upstream (VS Code)'s latest branches
-3. `git merge upstream/release/1.64` - Merge it locally
-   1. replace `1.64` with the version you're upgrading to
-   1. If there are merge conflicts, commit first, then fix them locally.
-4. Open a PR merging your branch (`vscode-update`) into `main` and add the code-server review team
-
-Ideally, our fork stays as close to upstream as possible. See the differences between our fork and upstream [here](https://github.com/microsoft/vscode/compare/main...coder:main).
+Refer to the [contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#version-updates-to-code) for information on how to update Code within code-server.
 
 ## Testing
 

docs/README.md

@@ -1,6 +1,6 @@
 # code-server
 
-[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See v4.0.2 docs](https://img.shields.io/static/v1?label=Docs&message=see%20v4.0.2%20&color=blue)](https://github.com/coder/code-server/tree/v4.0.2/docs)
+[!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/coder/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://coder.com/community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![codecov](https://codecov.io/gh/coder/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/coder/code-server) [![See latest](https://img.shields.io/static/v1?label=Docs&message=see%20latest&color=blue)](https://coder.com/docs/code-server/latest)
 
 Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and
 access it in the browser.
@@ -14,19 +14,16 @@ access it in the browser.
 - Preserve battery life when you're on the go; all intensive tasks run on your
   server
 
-| 🔔 code-server is a free browser-based IDE while [Coder](https://coder.com/) is our enterprise developer workspace platform. For more information, visit [Coder.com](https://coder.com/docs/comparison)
-| ---
-
 ## Requirements
 
 See [requirements](requirements.md) for minimum specs, as well as instructions
 on how to set up a Google VM on which you can install code-server.
 
-**TL;DR:** Linux machine with WebSockets enabled, 1 GB RAM, and 2 CPUs
+**TL;DR:** Linux machine with WebSockets enabled, 1 GB RAM, and 2 vCPUs
 
 ## Getting started
 
-There are three ways to get started:
+There are four ways to get started:
 
 1. Using the [install
    script](https://github.com/coder/code-server/blob/main/install.sh), which
@@ -34,7 +31,8 @@ There are three ways to get started:
    possible.
 2. Manually [installing
    code-server](https://coder.com/docs/code-server/latest/install)
-3. Using our one-click buttons and guides to [deploy code-server to a cloud
+3. Deploy code-server to your team with [coder/coder](https://cdr.co/coder-github)
+4. Using our one-click buttons and guides to [deploy code-server to a cloud
    provider](https://github.com/coder/deploy-code-server) ⚡
 
 If you use the install script, you can preview what occurs during the install
@@ -53,6 +51,9 @@ curl -fsSL https://code-server.dev/install.sh | sh
 When done, the install script prints out instructions for running and starting
 code-server.
 
+> **Note**
+> To manage code-server for a team on your infrastructure, see: [coder/coder](https://cdr.co/coder-github)
+
 We also have an in-depth [setup and
 configuration](https://coder.com/docs/code-server/latest/guide) guide.
 

docs/android.md

@@ -11,11 +11,11 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
 ```
 
 6. Exit the terminal using `exit` and then reopen the terminal
-7. Install and use Node.js 14:
+7. Install and use Node.js 16:
 
 ```shell
-nvm install 14
-nvm use 14
+nvm install 16
+nvm use 16
 ```
 
 8. Install code-server globally on device with: `npm i -g code-server`

docs/assets/images/icons/collab.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="20" height="20" viewBox="0 0 20 20"> <path d="M12.2 13.4357L9.5 11.4357C10.4 10.7357 11 9.7357 11 8.5357V7.7357C11 5.8357 9.6 4.1357 7.7 4.0357C5.7 3.9357 4 5.5357 4 7.5357V8.5357C4 9.7357 4.6 10.7357 5.5 11.4357L2.8 13.5357C2.3 13.9357 2 14.5357 2 15.1357V17.0357C2 17.6357 2.4 18.0357 3 18.0357H12C12.6 18.0357 13 17.6357 13 17.0357V15.0357C13 14.4357 12.7 13.8357 12.2 13.4357Z"/> <path d="M17.1 8.43436L15.3 7.23436C15.7 6.83436 16 6.23436 16 5.53436V4.63436C16 3.43436 15.1 2.23436 13.9 2.03436C12.7 1.83436 11.7 2.53436 11.2 3.43436C12.3 4.43436 13 5.83436 13 7.43436V8.43436C13 9.33436 12.8 10.2344 12.4 10.9344C12.4 10.9344 13.6 11.8344 13.6 11.9344H17C17.6 11.9344 18 11.5344 18 10.9344V10.1344C18 9.43436 17.7 8.83436 17.1 8.43436Z"/></svg>

docs/assets/images/icons/contributing.svg

@@ -0,0 +1 @@
+<svg width="20" height="20" fill="none" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg"><path d="M5 2.5V12.5" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M15 7.5C16.3807 7.5 17.5 6.38071 17.5 5C17.5 3.61929 16.3807 2.5 15 2.5C13.6193 2.5 12.5 3.61929 12.5 5C12.5 6.38071 13.6193 7.5 15 7.5Z" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M5 17.5C6.38071 17.5 7.5 16.3807 7.5 15C7.5 13.6193 6.38071 12.5 5 12.5C3.61929 12.5 2.5 13.6193 2.5 15C2.5 16.3807 3.61929 17.5 5 17.5Z" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M15 7.5C15 9.48912 14.2098 11.3968 12.8033 12.8033C11.3968 14.2098 9.48912 15 7.5 15" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/></svg>

docs/assets/images/icons/faq.svg

@@ -0,0 +1 @@
+<svg width="20" height="20" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><path d="M10.0001 18.3333C14.6025 18.3333 18.3334 14.6024 18.3334 10C18.3334 5.39762 14.6025 1.66666 10.0001 1.66666C5.39771 1.66666 1.66675 5.39762 1.66675 10C1.66675 14.6024 5.39771 18.3333 10.0001 18.3333Z" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M7.57495 7.5C7.77087 6.94306 8.15758 6.47342 8.66658 6.17428C9.17558 5.87513 9.77403 5.76578 10.3559 5.86559C10.9378 5.96541 11.4656 6.26794 11.8458 6.71961C12.2261 7.17128 12.4342 7.74294 12.4333 8.33333C12.4333 10 9.93328 10.8333 9.93328 10.8333" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/><path d="M10 14.1667H10.0083" stroke="currentColor" fill="none" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/></svg>

docs/assets/images/icons/home.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" viewBox="0 0 16 16" width="16px" xml:space="preserve"><path d="M15.45,7L14,5.551V2c0-0.55-0.45-1-1-1h-1c-0.55,0-1,0.45-1,1v0.553L9,0.555C8.727,0.297,8.477,0,8,0S7.273,0.297,7,0.555  L0.55,7C0.238,7.325,0,7.562,0,8c0,0.563,0.432,1,1,1h1v6c0,0.55,0.45,1,1,1h3v-5c0-0.55,0.45-1,1-1h2c0.55,0,1,0.45,1,1v5h3  c0.55,0,1-0.45,1-1V9h1c0.568,0,1-0.437,1-1C16,7.562,15.762,7.325,15.45,7z"></path></svg>

docs/assets/images/icons/requirements.svg

@@ -0,0 +1 @@
+<svg width="20" height="20" viewBox="0 0 20 20"  xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><path d="M6 2V11H2V15C2 16.7 3.3 18 5 18H15C16.7 18 18 16.7 18 15V2H6ZM16 15C16 15.6 15.6 16 15 16H8V4H16V15Z" /><path d="M14 7H10V9H14V7Z" /><path d="M14 11H10V13H14V11Z" /></svg>

docs/assets/images/icons/upgrade.svg

@@ -0,0 +1 @@
+<svg width="20" height="20" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><path d="M17.8049 2.19795C17.7385 2.1311 17.6587 2.07899 17.5708 2.04504C17.4829 2.01108 17.3889 1.99604 17.2948 2.00089C7.89216 2.49153 4.4188 10.8673 4.38528 10.9517C4.33624 11.0736 4.32406 11.2071 4.5.028 11.3358C4.3765 11.4645 4.43995 11.5827 4.53274 11.6756L8.32449 15.4674C8.41787 15.5606 8.53669 15.6242 8.66606 15.6502C8.79543 15.6762 8.92959 15.6634 9.05174 15.6135C9.13552 15.5793 17.4664 12.0671 17.9986 2.7087C18.0039 2.61474 17.9895 2.5207 17.9561 2.4327C17.9227 2.3447 17.8712 2.26471 17.8049 2.19795ZM12.3314 9.56427C12.1439 9.75179 11.9051 9.87951 11.645 9.93126C11.385 9.98302 11.1154 9.9565 10.8704 9.85505C10.6254 9.7536 10.4161 9.58178 10.2687 9.36131C10.1214 9.14085 10.0428 8.88166 10.0428 8.6165C10.0428 8.35135 10.1214 8.09215 10.2687 7.87169C10.4161 7.65123 10.6254 7.47941 10.8704 7.37796C11.1154 7.27651 11.385 7.24998 11.645 7.30174C11.9051 7.3535 12.1439 7.48121 12.3314 7.66873C12.5827 7.92012 12.7239 8.26104 12.7239 8.6165C12.7239 8.97197 12.5827 9.31288 12.3314 9.56427Z"/><path d="M2.74602 14.5444C2.92281 14.3664 3.133 14.2251 3.36454 14.1285C3.59608 14.0319 3.8444 13.9819 4.09529 13.9815C4.34617 13.9811 4.59466 14.0.12 4.82653 14.126C5.05839 14.2218 5.26907 14.3624 5.44647 14.5398C5.62386 14.7172 5.7645 14.9279 5.86031 15.1598C5.95612 15.3916 6.00522 15.6401 6.00479 15.891C6.00437 16.1419 5.95442 16.3902 5.85782 16.6218C5.76122 16.8533 5.61987 17.0635 5.44186 17.2403C4.69719 17.985 2 18.0004 2 18.0004C2 18.0004 2 15.2884 2.74602 14.5444Z"/><path d="M8.9416 3.48269C7.99688 3.31826 7.02645 3.38371 6.11237 3.67352C5.19828 3.96332 4.36741 4.46894 3.68999 5.14765C3.33153 5.50944.5.01988 5.91477 2.76233 6.35415C2.68692 6.4822 2.6562 6.63169 2.67501 6.77911C2.69381 6.92652 2.76108 7.06351 2.86623 7.16853L4.1994 8.50238C5.43822 6.53634 7.04911 4.83119 8.9416 3.48269Z"/><path d="M16.5181 11.0585C16.6825 12.0033 16.6171 12.9737 16.3273 13.8878C16.0375 14.8019 15.5318 15.6327 14.8531 16.3101C14.4914 16.6686 14.086 16.9803 13.6466 17.2378C13.5186 17.3132 13.3691 17.3439 13.2217 17.3251C13.0743 17.3063 12.9373 17.2391 12.8323 17.1339L11.4984 15.8007C13.4645 14.5619 15.1696 12.951 16.5181 11.0585Z"/></svg>

docs/assets/images/icons/usage.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M1.8 3.6H0V16.2C0 17.19 0.81 18 1.8 18H14.4V16.2H1.8V3.6ZM16.2 0H5.4C4.41 0 3.6 0.81 3.6 1.8V12.6C3.6 13.59 4.41 14.4 5.4 14.4H16.2C17.19 14.4 18 13.59 18 12.6V1.8C18 0.81 17.19 0 16.2 0ZM16.2 9L13.95 7.65L11.7 9V1.8H16.2V9Z" fill="black"/>
+</svg>

docs/assets/images/icons/wrench.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" aria-hidden="true"><path d="M22.7 19l-9.1-9.1c.9-2.3.4-5-1.5-6.9-2-2-5-2.4-7.4-1.3L9 6 6 9 1.6 4.7C.4 7.1.9 10.1 2.9 12.1c1.9 1.9 4.6 2.4 6.9 1.5l9.1 9.1c.4.4 1 .4 1.4 0l2.3-2.3c.5-.4.5-1.1.1-1.4z"></path></svg>

docs/collaboration.md

@@ -60,6 +60,6 @@ As `code-server` is based on VS Code, you can follow the steps described on Duck
    code-server --enable-proposed-api genuitecllc.codetogether
    ```
 
-   Another option would be to add a value in code-server's [config file](https://coder.com/docs/code-server/v4.0.2/FAQ#how-does-the-config-file-work).
+   Another option would be to add a value in code-server's [config file](https://coder.com/docs/code-server/v4.6.0/FAQ#how-does-the-config-file-work).
 
 3. Refresh code-server and navigate to the CodeTogether icon in the sidebar to host or join a coding session.

docs/guide.md

@@ -16,6 +16,7 @@
   - [Stripping `/proxy/<port>` from the request path](#stripping-proxyport-from-the-request-path)
   - [Proxying to create a React app](#proxying-to-create-a-react-app)
   - [Proxying to a Vue app](#proxying-to-a-vue-app)
+  - [Proxying to an Angular app](#proxying-to-an-angular-app)
 - [SSH into code-server on VS Code](#ssh-into-code-server-on-vs-code)
   - [Option 1: cloudflared tunnel](#option-1-cloudflared-tunnel)
   - [Option 2: ngrok tunnel](#option-2-ngrok-tunnel)
@@ -52,7 +53,7 @@ There are several approaches to operating and exposing code-server securely:
 We highly recommend using [port forwarding via
 SSH](https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding) to access
 code-server. If you have an SSH server on your remote machine, this approach
-doesn't required additional setup.
+doesn't require any additional setup at all.
 
 The downside to SSH forwarding, however, is that you can't access code-server
 when using machines without SSH clients (such as iPads). If this applies to you,
@@ -126,8 +127,8 @@ access code-server on an iPad or do not want to use SSH port forwarding.
 
 ```console
 sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/gpg/gpg.155B6D79CA56EA34.key' | sudo apt-key add -
-curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/setup/config.deb.txt?distro=debian&version=any-version' | sudo tee -a /etc/apt/sources.list.d/caddy-stable.list
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
 sudo apt update
 sudo apt install caddy
 ```
@@ -382,6 +383,15 @@ module.exports = {
 
 Read more about `publicPath` in the [Vue.js docs](https://cli.vuejs.org/config/#publicpath)
 
+### Proxying to an Angular app
+
+In order to use code-server's built-in proxy with Angular, you need to make the following changes in your app:
+
+1. use `<base href="./.">` in `src/index.html`
+2. add `--serve-path /absproxy/4200` to `ng serve` in your `package.json`
+
+For additional context, see [this GitHub Discussion](https://github.com/coder/code-server/discussions/5439#discussioncomment-3371983).
+
 ## SSH into code-server on VS Code
 
 [![SSH](https://img.shields.io/badge/SSH-363636?style=for-the-badge&logo=GNU+Bash&logoColor=ffffff)](https://ohmyz.sh/) [![Terminal](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff)](https://img.shields.io/badge/Terminal-2E2E2E?style=for-the-badge&logo=Windows+Terminal&logoColor=ffffff) [![Visual Studio Code](https://img.shields.io/badge/Visual_Studio_Code-007ACC?style=for-the-badge&logo=Visual+Studio+Code&logoColor=ffffff)](vscode:extension/ms-vscode-remote.remote-ssh)

docs/helm.md

@@ -1,6 +1,6 @@
 # code-server Helm Chart
 
-[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square)](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) [![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![AppVersion: 4.0.2](https://img.shields.io/badge/AppVersion-4.0.2-informational?style=flat-square)](https://img.shields.io/badge/AppVersion-4.0.2-informational?style=flat-square)
+[![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square)](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) [![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)](https://img.shields.io/badge/Type-application-informational?style=flat-square) [![AppVersion: 4.6.0](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)](https://img.shields.io/badge/AppVersion-4.6.0-informational?style=flat-square)
 
 [code-server](https://github.com/coder/code-server) code-server is VS Code running
 on a remote server, accessible through the browser.
@@ -73,7 +73,7 @@ and their default values.
 | hostnameOverride                            | string | `""`                     |
 | image.pullPolicy                            | string | `"Always"`               |
 | image.repository                            | string | `"codercom/code-server"` |
-| image.tag                                   | string | `"4.0.2"`                |
+| image.tag                                   | string | `"4.6.0"`                |
 | imagePullSecrets                            | list   | `[]`                     |
 | ingress.enabled                             | bool   | `false`                  |
 | nameOverride                                | string | `""`                     |

docs/install.md

@@ -9,6 +9,7 @@
 - [Debian, Ubuntu](#debian-ubuntu)
 - [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse)
 - [Arch Linux](#arch-linux)
+- [Artix Linux](#artix-linux)
 - [macOS](#macos)
 - [Docker](#docker)
 - [Helm](#helm)
@@ -190,6 +191,72 @@ sudo systemctl enable --now code-server@$USER
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
 
+## Artix Linux
+
+```bash
+# Install code-server from the AUR
+git clone https://aur.archlinux.org/code-server.git
+cd code-server
+makepkg -si
+```
+
+Save the file as `code-server` in `/etc/init.d/` and make it executable with `chmod +x code-server`. Put your username in line 3.
+
+```bash
+#!/sbin/openrc-run
+name=$RC_SVCNAME
+description="$name - VS Code on a remote server"
+user="" # your username here
+homedir="/home/$user"
+command="$(which code-server)"
+# Just because you can do this does not mean you should. Use ~/.config/code-server/config.yaml instead
+#command_args="--extensions-dir $homedir/.local/share/$name/extensions --user-data-dir $homedir/.local/share/$name --disable-telemetry"
+command_user="$user:$user"
+pidfile="/run/$name/$name.pid"
+command_background="yes"
+extra_commands="report"
+
+depend() {
+  use logger dns
+  need net
+}
+
+start_pre() {
+  checkpath --directory --owner $command_user --mode 0755 /run/$name /var/log/$name
+}
+
+start() {
+  default_start
+  report
+}
+
+stop() {
+  default_stop
+}
+
+status() {
+  default_status
+  report
+}
+
+report() {
+  # Report to the user
+  einfo "Reading configuration from ~/.config/code-server/config.yaml"
+}
+```
+
+Start on boot with default runlevel
+
+```
+rc-update add code-server default
+```
+
+Start the service immediately
+
+```
+rc-service code-server start
+```
+
 ## macOS
 
 ```bash
@@ -237,6 +304,8 @@ We currently [do not publish Windows releases](https://github.com/coder/code-ser
 We recommend installing code-server onto Raspberry Pi with [`yarn` or
 `npm`](#yarn-npm).
 
+If you see an error related to `node-gyp` during installation, See [#5174](https://github.com/coder/code-server/issues/5174) for more information.
+
 ## Termux
 
 Please see code-server's [Termux docs](./termux.md#installation) for more

docs/ios.md

@@ -1,7 +1,9 @@
 # Using code-server on iOS with iSH
 
 1. Install iSH from the [App Store](https://apps.apple.com/us/app/ish-shell/id1436902243)
-2. Install `curl` with `apk add curl`
-3. Install code-server with `curl -fsSL https://code-server.dev/install.sh | sh`
-4. Run code-server with `code-server`
-5. Access on localhost:8080 in your browser
+2. Install `curl` and `nano` with `apk add curl nano`
+3. Configure iSH to use an earlier version of NodeJS with `nano /etc/apk/repositories` and edit `v3.14` to `v3.12` on both repository links.
+4. Install `nodejs` and `npm` with `apk add nodejs npm`
+5. Install code-server with `curl -fsSL https://code-server.dev/install.sh | sh`
+6. Run code-server with `code-server`
+7. Access on localhost:8080 in your browser

docs/manifest.json

@@ -1,22 +1,22 @@
 {
-  "versions": ["v4.0.2"],
+  "versions": ["v4.6.0"],
   "routes": [
     {
       "title": "Home",
       "description": "Learn how to install and run code-server.",
       "path": "./README.md",
-      "icon": "<svg xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16px\" xml:space=\"preserve\"><path d=\"M15.45,7L14,5.551V2c0-0.55-0.45-1-1-1h-1c-0.55,0-1,0.45-1,1v0.553L9,0.555C8.727,0.297,8.477,0,8,0S7.273,0.297,7,0.555  L0.55,7C0.238,7.325,0,7.562,0,8c0,0.563,0.432,1,1,1h1v6c0,0.55,0.45,1,1,1h3v-5c0-0.55,0.45-1,1-1h2c0.55,0,1,0.45,1,1v5h3  c0.55,0,1-0.45,1-1V9h1c0.568,0,1-0.437,1-1C16,7.562,15.762,7.325,15.45,7z\"></path></svg>"
+      "icon_path": "assets/images/icons/home.svg"
     },
     {
       "title": "Requirements",
       "description": "Learn about what you need to run code-server.",
-      "icon": "<svg width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" fill=\"none\" xmlns=\"http://www.w3.org/2000/svg\"><path d=\"M6 2V11H2V15C2 16.7 3.3 18 5 18H15C16.7 18 18 16.7 18 15V2H6ZM16 15C16 15.6 15.6 16 15 16H8V4H16V15Z\" /><path d=\"M14 7H10V9H14V7Z\" /><path d=\"M14 11H10V13H14V11Z\" /></svg>",
+      "icon_path": "assets/images/icons/requirements.svg",
       "path": "./requirements.md"
     },
     {
       "title": "Install",
       "description": "How to install code-server.",
-      "icon": "<svg class=\"MuiSvgIcon-root jss172\" focusable=\"false\" viewBox=\"0 0 24 24\" aria-hidden=\"true\"><path d=\"M22.7 19l-9.1-9.1c.9-2.3.4-5-1.5-6.9-2-2-5-2.4-7.4-1.3L9 6 6 9 1.6 4.7C.4 7.1.9 10.1 2.9 12.1c1.9 1.9 4.6 2.4 6.9 1.5l9.1 9.1c.4.4 1 .4 1.4 0l2.3-2.3c.5-.4.5-1.1.1-1.4z\"></path></svg>",
+      "icon_path": "assets/images/icons/wrench.svg",
       "path": "./install.md",
       "children": [
         {
@@ -34,7 +34,7 @@
     {
       "title": "Usage",
       "description": "How to set up and use code-server.",
-      "icon": "<svg viewBox=\"0 0 16 16\" xmlns=\"http://www.w3.org/2000/svg\"><path d=\"M4 6H2v14c0 1.1.9 2 2 2h14v-2H4V6zm16-4H8c-1.1 0-2 .9-2 2v12c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V4c0-1.1-.9-2-2-2zm0 10l-2.5-1.5L15 12V4h5v8z\"></path></svg>",
+      "icon_path": "assets/images/icons/usage.svg",
       "path": "./guide.md",
       "children": [
         {
@@ -67,25 +67,25 @@
     {
       "title": "Collaboration",
       "description": "How to setup real time collaboration using code server.",
-      "icon": "<svg width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" fill=\"none\" xmlns=\"http://www.w3.org/2000/svg\"> <path d=\"M12.2 13.4357L9.5 11.4357C10.4 10.7357 11 9.7357 11 8.5357V7.7357C11 5.8357 9.6 4.1357 7.7 4.0357C5.7 3.9357 4 5.5357 4 7.5357V8.5357C4 9.7357 4.6 10.7357 5.5 11.4357L2.8 13.5357C2.3 13.9357 2 14.5357 2 15.1357V17.0357C2 17.6357 2.4 18.0357 3 18.0357H12C12.6 18.0357 13 17.6357 13 17.0357V15.0357C13 14.4357 12.7 13.8357 12.2 13.4357Z\"/> <path d=\"M17.1 8.43436L15.3 7.23436C15.7 6.83436 16 6.23436 16 5.53436V4.63436C16 3.43436 15.1 2.23436 13.9 2.03436C12.7 1.83436 11.7 2.53436 11.2 3.43436C12.3 4.43436 13 5.83436 13 7.43436V8.43436C13 9.33436 12.8 10.2344 12.4 10.9344C12.4 10.9344 13.6 11.8344 13.6 11.9344H17C17.6 11.9344 18 11.5344 18 10.9344V10.1344C18 9.43436 17.7 8.83436 17.1 8.43436Z\"/></svg>",
+      "icon_path": "assets/images/icons/collab.svg",
       "path": "./collaboration.md"
     },
     {
       "title": "Upgrade",
       "description": "How to upgrade code-server.",
-      "icon": "<svg width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" fill=\"none\" xmlns=\"http://www.w3.org/2000/svg\"><path d=\"M17.8049 2.19795C17.7385 2.1311 17.6587 2.07899 17.5708 2.04504C17.4829 2.01108 17.3889 1.99604 17.2948 2.00089C7.89216 2.49153 4.4188 10.8673 4.38528 10.9517C4.33624 11.0736 4.32406 11.2071 4.35028 11.3358C4.3765 11.4645 4.43995 11.5827 4.53274 11.6756L8.32449 15.4674C8.41787 15.5606 8.53669 15.6242 8.66606 15.6502C8.79543 15.6762 8.92959 15.6634 9.05174 15.6135C9.13552 15.5793 17.4664 12.0671 17.9986 2.7087C18.0039 2.61474 17.9895 2.5207 17.9561 2.4327C17.9227 2.3447 17.8712 2.26471 17.8049 2.19795ZM12.3314 9.56427C12.1439 9.75179 11.9051 9.87951 11.645 9.93126C11.385 9.98302 11.1154 9.9565 10.8704 9.85505C10.6254 9.7536 10.4161 9.58178 10.2687 9.36131C10.1214 9.14085 10.0428 8.88166 10.0428 8.6165C10.0428 8.35135 10.1214 8.09215 10.2687 7.87169C10.4161 7.65123 10.6254 7.47941 10.8704 7.37796C11.1154 7.27651 11.385 7.24998 11.645 7.30174C11.9051 7.3535 12.1439 7.48121 12.3314 7.66873C12.5827 7.92012 12.7239 8.26104 12.7239 8.6165C12.7239 8.97197 12.5827 9.31288 12.3314 9.56427Z\"/><path d=\"M2.74602 14.5444C2.92281 14.3664 3.133 14.2251 3.36454 14.1285C3.59608 14.0319 3.8444 13.9819 4.09529 13.9815C4.34617 13.9811 4.59466 14.0.12 4.82653 14.126C5.05839 14.2218 5.26907 14.3624 5.44647 14.5398C5.62386 14.7172 5.7645 14.9279 5.86031 15.1598C5.95612 15.3916 6.00522 15.6401 6.00479 15.891C6.00437 16.1419 5.95442 16.3902 5.85782 16.6218C5.76122 16.8533 5.61987 17.0635 5.44186 17.2403C4.69719 17.985 2 18.0004 2 18.0004C2 18.0004 2 15.2884 2.74602 14.5444Z\"/><path d=\"M8.9416 3.48269C7.99688 3.31826 7.02645 3.38371 6.11237 3.67352C5.19828 3.96332 4.36741 4.46894 3.68999 5.14765C3.33153 5.50944 3.01988 5.91477 2.76233 6.35415C2.68692 6.4822 2.6562 6.63169 2.67501 6.77911C2.69381 6.92652 2.76108 7.06351 2.86623 7.16853L4.1994 8.50238C5.43822 6.53634 7.04911 4.83119 8.9416 3.48269Z\"/><path d=\"M16.5181 11.0585C16.6825 12.0033 16.6171 12.9737 16.3273 13.8878C16.0375 14.8019 15.5318 15.6327 14.8531 16.3101C14.4914 16.6686 14.086 16.9803 13.6466 17.2378C13.5186 17.3132 13.3691 17.3439 13.2217 17.3251C13.0743 17.3063 12.9373 17.2391 12.8323 17.1339L11.4984 15.8007C13.4645 14.5619 15.1696 12.951 16.5181 11.0585Z\"/></svg>",
+      "icon_path": "assets/images/icons/upgrade.svg",
       "path": "./upgrade.md"
     },
     {
       "title": "FAQ",
       "description": "Frequently asked questions on installing and running code-server.",
-      "icon": "<svg width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" xmlns=\"http://www.w3.org/2000/svg\"><path d=\"M10.0001 18.3333C14.6025 18.3333 18.3334 14.6024 18.3334 10C18.3334 5.39762 14.6025 1.66666 10.0001 1.66666C5.39771 1.66666 1.66675 5.39762 1.66675 10C1.66675 14.6024 5.39771 18.3333 10.0001 18.3333Z\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/><path d=\"M7.57495 7.5C7.77087 6.94306 8.15758 6.47342 8.66658 6.17428C9.17558 5.87513 9.77403 5.76578 10.3559 5.86559C10.9378 5.96541 11.4656 6.26794 11.8458 6.71961C12.2261 7.17128 12.4342 7.74294 12.4333 8.33333C12.4333 10 9.93328 10.8333 9.93328 10.8333\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/><path d=\"M10 14.1667H10.0083\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/></svg>",
+      "icon_path": "assets/images/icons/faq.svg",
       "path": "./FAQ.md"
     },
     {
       "title": "Contributing",
       "description": "How to contribute to code-server.",
-      "icon": "<svg width=\"20\" height=\"20\" fill=\"none\" viewBox=\"0 0 20 20\" xmlns=\"http://www.w3.org/2000/svg\"><path d=\"M5 2.5V12.5\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/><path d=\"M15 7.5C16.3807 7.5 17.5 6.38071 17.5 5C17.5 3.61929 16.3807 2.5 15 2.5C13.6193 2.5 12.5 3.61929 12.5 5C12.5 6.38071 13.6193 7.5 15 7.5Z\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/><path d=\"M5 17.5C6.38071 17.5 7.5 16.3807 7.5 15C7.5 13.6193 6.38071 12.5 5 12.5C3.61929 12.5 2.5 13.6193 2.5 15C2.5 16.3807 3.61929 17.5 5 17.5Z\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/><path d=\"M15 7.5C15 9.48912 14.2098 11.3968 12.8033 12.8033C11.3968 14.2098 9.48912 15 7.5 15\" stroke=\"currentColor\" fill=\"none\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"/></svg>",
+      "icon_path": "assets/images/icons/contributing.svg",
       "path": "./CONTRIBUTING.md",
       "children": [
         {

docs/npm.md

@@ -22,8 +22,8 @@ includes installing instructions based on your operating system.
 
 ## Node.js version
 
-We use the same major version of Node.js shipped with VSCode's Electron,
-which is currently `14.x`. VS Code also [lists Node.js
+We use the same major version of Node.js shipped with Code's remote, which is
+currently `16.x`. VS Code also [lists Node.js
 requirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites).
 
 Using other versions of Node.js [may lead to unexpected
@@ -72,7 +72,7 @@ Proceed to [installing](#installing)
 ## FreeBSD
 
 ```sh
-pkg install -y git python npm-node14 yarn-node14 pkgconf
+pkg install -y git python npm-node16 yarn-node16 pkgconf
 pkg install -y libinotify
 ```
 

docs/requirements.md

@@ -21,7 +21,7 @@ for communication between the browser and the server.
 The following steps walk you through setting up a VM running Debian using Google
 Cloud (though you are welcome to use any machine or VM provider).
 
-If you're [signing up with Google](https://console.cloud.google.com/getting-started) for the first time, you should get a 12-month trial with
+If you're [signing up with Google](https://console.cloud.google.com/getting-started) for the first time, you should get a 3-month trial with
 $300 of credits.
 
 After you sign up and create a new Google Cloud Provider (GCP) project, create a

docs/termux.md

@@ -3,6 +3,7 @@
 # Termux
 
 - [Install](#install)
+- [Yarn Installation](#yarn-installation)
 - [Upgrade](#upgrade)
 - [Known Issues](#known-issues)
   - [Git won't work in `/sdcard`](#git-wont-work-in-sdcard)
@@ -10,40 +11,45 @@
   - [Create a new user](#create-a-new-user)
   - [Install Go](#install-go)
   - [Install Python](#install-python)
+  - [Working with PRoot](#working-with-proot)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
 ## Install
 
 1. Get [Termux](https://f-droid.org/en/packages/com.termux/) from **F-Droid**.
-2. Install Debian by running the following.
+2. Install Debian by running the following:
    - Run `termux-setup-storage` to allow storage access, or else code-server won't be able to read from `/sdcard`.\
-      If you used the Andronix command then you may have to edit the `start-debian.sh` script to mount `/sdcard` just as simple as uncommenting the `command+=" -b /sdcard"` line.
-     > The following command was extracted from [Andronix](https://andronix.app/) you can also use [proot-distro](https://github.com/termux/proot-distro).
+     > The following command is from [proot-distro](https://github.com/termux/proot-distro), but you can also use [Andronix](https://andronix.app/).
      > After Debian is installed the `~ $` will change to `root@localhost`.
 
 ```bash
-pkg update -y && pkg install wget curl proot tar -y && wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Installer/Debian/debian.sh -O debian.sh && chmod +x debian.sh && bash debian.sh
+pkg update -y && pkg install proot-distro -y && proot-distro install debian && proot-distro login debian
 ```
 
-3. Run the following commands to setup Debian.
+3. Run the following commands to setup Debian:
 
 ```bash
-apt update
-apt upgrade -y
-apt-get install nano vim sudo curl wget git -y
+apt update && apt upgrade -y && apt-get install sudo vim git -y
 ```
 
-4. Install [NVM](https://github.com/nvm-sh/nvm) by following the install guide in the README, just a curl/wget command.
-5. Set up NVM for multi-user. After installing NVM it automatically adds the necessary commands for it to work, but it will only work if you are logged in as root;
+4. Install [NVM](https://github.com/nvm-sh/nvm#install--update-script) by following the install guide in the README, just a curl/wget command.
+
+5. Set up NVM for multi-user. After installing NVM it automatically adds the necessary commands for it to work, but it will only work if you are logged in as root:
 
    - Copy the lines NVM asks you to run after running the install script.
    - Run `nano /root/.bashrc` and comment out those lines by adding a `#` at the start.
-   - Run `nano /etc/profile` and paste those lines at the end and make sure to replace `$HOME` with `/root`
-   - Now run `exit` and start Debain again.
+   - Run `nano /etc/profile` and paste those lines at the end of the file. Make sure to replace `$HOME` with `/root` on the first line.
+   - Now run `exit`
+   - Start Debian again `proot-distro login debian`
 
-6. After following the instructions and setting up NVM you can now install the [required node version](https://coder.com/docs/code-server/latest/npm#nodejs-version) using `nvm install version_here`.
-7. To install `code-server` run the following.
+6. After following the instructions and setting up NVM you can now install the [required node version](https://coder.com/docs/code-server/latest/npm#nodejs-version) by running:
+
+```bash
+nvm install v<major_version_here>
+```
+
+7. To install `code-server` run the following:
    > To check the install process (Will not actually install code-server)
    > If it all looks good, you can install code-server by running the second command
 
@@ -60,6 +66,59 @@ curl -fsSL https://code-server.dev/install.sh | sh
 > Consider using a new user instead of root, read [here](https://www.howtogeek.com/124950/htg-explains-why-you-shouldnt-log-into-your-linux-system-as-root/) why using root is not recommended.\
 > Learn how to add a user [here](#create-a-new-user).
 
+## Yarn Installation
+
+1. Get [Termux](https://f-droid.org/en/packages/com.termux/) from **F-Droid**.
+
+2. We will now change using the following command.
+
+```sh
+termux-change-repo
+```
+
+Now select `Main Repository` then change repo to `Mirrors by Grimler Hosted on grimler.se`.
+
+3. After successfully updating of repository update and upgrade all the packages by the following command
+
+```sh
+pkg update
+pkg upgrade -y
+```
+
+4. Now let's install requirement dependancy.
+
+```sh
+pkg install -y \
+  build-essential \
+  binutils \
+  pkg-config \
+  python3 \
+  yarn \
+  nodejs-lts
+npm config set python python3
+node -v
+```
+
+you will get node version `v16.15.0`
+
+5. Now install code-server
+
+```sh
+yarn global add code-server
+```
+
+6. Congratulation code-server is installed on your device using the following command.
+
+```sh
+code-server --auth none
+```
+
+7. If already installed then use the following command for upgradation.
+
+```
+yarn upgrade code-server
+```
+
 ## Upgrade
 
 1. Remove all previous installs `rm -rf ~/.local/lib/code-server-*`
@@ -82,11 +141,11 @@ Potential Workaround :
 
 To create a new user follow these simple steps -
 
-1. Create a new user by running `useradd username -m`.
-2. Change the password by running `passwd username`.
-3. Give your new user sudo access by runnning `visudo`, scroll down to `User privilege specification` and add the following line after root `username ALL=(ALL:ALL) ALL`.
-4. Now edit the `/etc/passwd` file with your commadline editor of choice and at the end of the line that specifies your user change `/bin/sh` to `/bin/bash`.
-5. Now switch users, by running `su - username`
+1. Create a new user by running `useradd <username> -m`.
+2. Change the password by running `passwd <username>`.
+3. Give your new user sudo access by running `visudo`, scroll down to `User privilege specification` and add the following line after root `username ALL=(ALL:ALL) ALL`.
+4. Now edit the `/etc/passwd` file with your command line editor of choice and at the end of the line that specifies your user change `/bin/sh` to `/bin/bash`.
+5. Now switch users by running `su - <username>`
 
 - Remember the `-` betweeen `su` and username is required to execute `/etc/profile`,\
   since `/etc/profile` may have some necessary things to be executed you should always add a `-`.
@@ -95,7 +154,7 @@ To create a new user follow these simple steps -
 
 > From https://golang.org/doc/install
 
-1. Go to https://golang.org/dl/ and copy the download link for `linux arm` and run the following.
+1. Go to https://golang.org/dl/ and copy the download link for `linux arm` and run the following:
 
 ```bash
 wget download_link
@@ -115,7 +174,7 @@ rm -rf /usr/local/go && tar -C /usr/local -xzf archive_name
 
 > Run these commands as root
 
-1. Run the following command to install required packages to build python.
+1. Run the following commands to install required packages to build python:
 
 ```bash
 sudo apt-get update
@@ -124,13 +183,13 @@ sudo apt-get install make build-essential libssl-dev zlib1g-dev \
   libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev
 ```
 
-2. Install [pyenv](https://github.com/pyenv/pyenv/) from [pyenv-installer](https://github.com/pyenv/pyenv-installer) by running.
+2. Install [pyenv](https://github.com/pyenv/pyenv/) from [pyenv-installer](https://github.com/pyenv/pyenv-installer) by running:
 
 ```bash
 curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
 ```
 
-3. Run `nano /etc/profile` and add the following
+3. Run `nano /etc/profile` and add the following:
 
 ```bash
 export PYENV_ROOT="/root/.pyenv"
@@ -139,10 +198,42 @@ eval "$(pyenv init --path)"
 eval "$(pyenv virtualenv-init -)"
 ```
 
-4. Exit start Debian again.
+4. Exit and start Debian again.
 5. Run `pyenv versions` to list all installable versions.
 6. Run `pyenv install version` to install the desired python version.
    > The build process may take some time (an hour or 2 depending on your device).
 7. Run `touch /root/.pyenv/version && echo "your_version_here" > /root/.pyenv/version`
 8. (You may have to start Debian again) Run `python3 -V` to verify if PATH works or not.
    > If `python3` doesn't work but pyenv says that the install was successful in step 6 then try running `$PYENV_ROOT/versions/your_version/bin/python3`.
+
+### Working with PRoot
+
+Debian PRoot Distro Dev Environment
+
+- Since Node and code-server are installed in the Debian PRoot distro, your `~/.ssh/` configuration, `~/.bashrc`, git, npm packages, etc. should be setup in PRoot as well.
+- The terminal accessible in code-server will bring up the filesystem and `~/.bashrc` in the Debian PRoot distro.
+
+Accessing files in the Debian PRoot Distro
+
+- The `/data/data/com.termux/files/home` directory in PRoot accesses the termux home directory (`~`)
+- The `/sdcard` directory in PRoot accesses the Android storage directory, though there are [known issues with git and files in the `/sdcard` path](#git-wont-work-in-sdcard)
+
+Accessing the Debian PRoot distro/Starting code-server
+
+- Run the following command to access the Debian PRoot distro, from the termux shell:
+
+```bash
+proot-distro login debian
+```
+
+- Run the following command to start code-server directly in the Debian PRoot distro, from the termux shell:
+
+```bash
+proot-distro login debian -- code-server
+```
+
+- If you [created a new user](#create-a-new-user), you'll need to insert the `--user <username>` option between `login` and `debian` in the commands above to run as the user instead of root in PRoot.
+
+Additional information on PRoot and Termux
+
+- Additional information on using your Debian PRoot Distro can be [found here](https://github.com/termux/proot-distro#functionality-overview).

install.sh

@@ -55,7 +55,7 @@ The detection method works as follows:
   - Debian, Ubuntu, Raspbian: install the deb package from GitHub.
   - Fedora, CentOS, RHEL, openSUSE: install the rpm package from GitHub.
   - Arch Linux: install from the AUR (which pulls releases from GitHub).
-  - FreeBSD, Alpine: install from yarn/npm.
+  - FreeBSD, Alpine: install from npm.
   - macOS: install using Homebrew if installed otherwise install from GitHub.
   - All others: install the release from GitHub.
 
@@ -419,19 +419,9 @@ install_npm() {
   echoh "Installing latest from npm."
   echoh
 
-  YARN_PATH="${YARN_PATH-yarn}"
   NPM_PATH="${YARN_PATH-npm}"
-  if command_exists "$YARN_PATH"; then
-    sh_c="sh_c"
-    if [ ! "${DRY_RUN-}" ] && [ ! -w "$($YARN_PATH global bin)" ]; then
-      sh_c="sudo_sh_c"
-    fi
-    echoh "Installing with yarn."
-    echoh
-    "$sh_c" "$YARN_PATH" global add code-server --unsafe-perm
-    NPM_BIN_DIR="\$($YARN_PATH global bin)" echo_npm_postinstall
-    return
-  elif command_exists "$NPM_PATH"; then
+
+  if command_exists "$NPM_PATH"; then
     sh_c="sh_c"
     if [ ! "${DRY_RUN-}" ] && [ ! -w "$(NPM_PATH config get prefix)" ]; then
       sh_c="sudo_sh_c"
@@ -442,9 +432,9 @@ install_npm() {
     NPM_BIN_DIR="\$($NPM_PATH bin -g)" echo_npm_postinstall
     return
   fi
-  echoerr "Please install npm or yarn to install code-server!"
+  echoerr "Please install npm to install code-server!"
   echoerr "You will need at least node v12 and a few C dependencies."
-  echoerr "See the docs https://coder.com/docs/code-server/latest/install#yarn-npm"
+  echoerr "See the docs https://coder.com/docs/code-server/latest/install#npm"
 
   exit 1
 }

package.json

@@ -1,7 +1,7 @@
 {
   "name": "code-server",
   "license": "MIT",
-  "version": "4.0.2",
+  "version": "4.6.0",
   "description": "Run VS Code on a remote server.",
   "homepage": "https://github.com/coder/code-server",
   "bugs": {
@@ -18,20 +18,21 @@
     "release:github-assets": "./ci/build/release-github-assets.sh",
     "release:prep": "./ci/build/release-prep.sh",
     "test:e2e": "VSCODE_IPC_HOOK_CLI= ./ci/dev/test-e2e.sh",
-    "test:standalone-release": "./ci/build/test-standalone-release.sh",
+    "test:e2e:proxy": "USE_PROXY=1 ./ci/dev/test-e2e.sh",
     "test:unit": "./ci/dev/test-unit.sh --forceExit --detectOpenHandles",
+    "test:integration": "./ci/dev/test-integration.sh",
     "test:scripts": "./ci/dev/test-scripts.sh",
     "package": "./ci/build/build-packages.sh",
     "postinstall": "./ci/dev/postinstall.sh",
     "publish:npm": "./ci/steps/publish-npm.sh",
+    "publish:docker": "./ci/steps/docker-buildx-push.sh",
     "_audit": "./ci/dev/audit.sh",
     "fmt": "./ci/dev/fmt.sh",
     "lint": "./ci/dev/lint.sh",
     "test": "echo 'Run yarn test:unit or yarn test:e2e' && exit 1",
     "ci": "./ci/dev/ci.sh",
     "watch": "VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts",
-    "icons": "./ci/dev/gen_icons.sh",
-    "coverage": "codecov"
+    "icons": "./ci/dev/gen_icons.sh"
   },
   "main": "out/node/entry.js",
   "devDependencies": {
@@ -41,35 +42,36 @@
     "@types/express": "^4.17.8",
     "@types/http-proxy": "^1.17.4",
     "@types/js-yaml": "^4.0.0",
-    "@types/node": "^14.17.1",
+    "@types/node": "^16.0.0",
     "@types/pem": "^1.9.5",
     "@types/proxy-from-env": "^1.0.1",
     "@types/safe-compare": "^1.1.0",
     "@types/semver": "^7.1.0",
     "@types/split2": "^3.2.0",
     "@types/trusted-types": "^2.0.2",
-    "@types/ws": "^8.0.0",
-    "@typescript-eslint/eslint-plugin": "^5.0.0",
-    "@typescript-eslint/parser": "^5.0.0",
-    "audit-ci": "^5.0.0",
-    "codecov": "^3.8.3",
+    "@types/ws": "^8.5.3",
+    "@typescript-eslint/eslint-plugin": "^5.23.0",
+    "@typescript-eslint/parser": "^5.23.0",
+    "audit-ci": "^6.0.0",
     "doctoc": "^2.0.0",
     "eslint": "^7.7.0",
     "eslint-config-prettier": "^8.1.0",
     "eslint-import-resolver-typescript": "^2.5.0",
     "eslint-plugin-import": "^2.18.2",
     "eslint-plugin-prettier": "^4.0.0",
+    "json": "^11.0.0",
     "prettier": "^2.2.1",
-    "prettier-plugin-sh": "^0.8.0",
+    "prettier-plugin-sh": "^0.12.0",
     "shellcheck": "^1.0.0",
     "stylelint": "^13.0.0",
     "stylelint-config-recommended": "^5.0.0",
+    "synp": "^1.9.10",
     "ts-node": "^10.0.0",
-    "typescript": "^4.4.0-dev.20210528"
+    "typescript": "^4.6.2"
   },
   "resolutions": {
     "ansi-regex": "^5.0.1",
-    "normalize-package-data": "^3.0.0",
+    "normalize-package-data": "^4.0.0",
     "doctoc/underscore": "^1.13.1",
     "doctoc/**/trim": "^1.0.0",
     "postcss": "^8.2.1",
@@ -81,7 +83,10 @@
     "vm2": "^3.9.6",
     "follow-redirects": "^1.14.8",
     "node-fetch": "^2.6.7",
-    "nanoid": "^3.1.31"
+    "nanoid": "^3.1.31",
+    "minimist": "npm:minimist-lite@2.2.1",
+    "glob-parent": "^6.0.1",
+    "@types/node": "^16.0.0"
   },
   "dependencies": {
     "@coder/logger": "1.1.16",
@@ -96,7 +101,7 @@
     "limiter": "^1.1.5",
     "pem": "^1.14.2",
     "proxy-agent": "^5.0.0",
-    "qs": "6.10.3",
+    "qs": "6.11.0",
     "rotating-file-stream": "^3.0.0",
     "safe-buffer": "^5.1.1",
     "safe-compare": "^1.1.4",
@@ -118,7 +123,7 @@
     "browser-ide"
   ],
   "engines": {
-    "node": ">= 14"
+    "node": "16"
   },
   "jest": {
     "transform": {
@@ -127,7 +132,6 @@
     "testEnvironment": "node",
     "testPathIgnorePatterns": [
       "/node_modules/",
-      "/vendor/",
       "/lib/",
       "/out/",
       "test/e2e"
@@ -158,7 +162,7 @@
       "<rootDir>/release-npm-package",
       "<rootDir>/release-gcp",
       "<rootDir>/release-images",
-      "<rootDir>/vendor"
+      "<rootDir>/lib"
     ],
     "moduleNameMapper": {
       "^.+\\.(css|less)$": "<rootDir>/test/utils/cssStub.ts"

patches/base-path.diff

@@ -0,0 +1,302 @@
+Add base path support
+
+Some users will host code-server behind a path-rewriting reverse proxy, for
+example domain.tld/my/base/path.  This patch adds support for that since Code
+assumes everything is on / by default.
+
+To test this serve code-server behind a reverse proxy with a path like /code.
+
+Index: code-server/lib/vscode/src/vs/base/common/network.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/network.ts
++++ code-server/lib/vscode/src/vs/base/common/network.ts
+@@ -162,7 +162,9 @@ class RemoteAuthoritiesImpl {
+ 		return URI.from({
+ 			scheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,
+ 			authority: `${host}:${port}`,
+-			path: this._remoteResourcesPath,
++			path: platform.isWeb
++				? (window.location.pathname + "/" + this._remoteResourcesPath).replace(/\/\/+/g, "/")
++				: this._remoteResourcesPath,
+ 			query
+ 		});
+ 	}
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
+@@ -11,8 +11,8 @@
+ 		<meta name="mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-title" content="Code">
+-		<link rel="apple-touch-icon" sizes="192x192" href="/_static/src/browser/media/pwa-icon-192.png" />
+-		<link rel="apple-touch-icon" sizes="512x512" href="/_static/src/browser/media/pwa-icon-512.png" />
++		<link rel="apple-touch-icon" sizes="192x192" href="{{BASE}}/_static/src/browser/media/pwa-icon-192.png" />
++		<link rel="apple-touch-icon" sizes="512x512" href="{{BASE}}/_static/src/browser/media/pwa-icon-512.png" />
+ 
+ 		<!-- Disable pinch zooming -->
+ 		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
+@@ -27,9 +27,9 @@
+ 		<meta id="vscode-workbench-builtin-extensions" data-settings="{{WORKBENCH_BUILTIN_EXTENSIONS}}">
+ 
+ 		<!-- Workbench Icon/Manifest/CSS -->
+-		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
+-		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
+-		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
++		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
++		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
++		<link rel="manifest" href="{{VS_BASE}}/manifest.json" crossorigin="use-credentials" />
+ 	</head>
+ 
+ 	<body aria-label="">
+@@ -39,7 +39,7 @@
+ 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/loader.js"></script>
+ 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/webPackagePaths.js"></script>
+ 	<script>
+-		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location.origin).toString();
++		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location).toString();
+ 		Object.keys(self.webPackagePaths).map(function (key, index) {
+ 			self.webPackagePaths[key] = `${baseUrl}/remote/web/node_modules/${key}/${self.webPackagePaths[key]}`;
+ 		});
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+@@ -11,8 +11,8 @@
+ 		<meta name="mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-title" content="Code">
+-		<link rel="apple-touch-icon" sizes="192x192" href="/_static/src/browser/media/pwa-icon-192.png" />
+-		<link rel="apple-touch-icon" sizes="512x512" href="/_static/src/browser/media/pwa-icon-512.png" />
++		<link rel="apple-touch-icon" sizes="192x192" href="{{BASE}}/_static/src/browser/media/pwa-icon-192.png" />
++		<link rel="apple-touch-icon" sizes="512x512" href="{{BASE}}/_static/src/browser/media/pwa-icon-512.png" />
+ 
+ 		<!-- Disable pinch zooming -->
+ 		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
+@@ -24,9 +24,9 @@
+ 		<meta id="vscode-workbench-auth-session" data-settings="{{WORKBENCH_AUTH_SESSION}}">
+ 
+ 		<!-- Workbench Icon/Manifest/CSS -->
+-		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
+-		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
+-		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
++		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
++		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
++		<link rel="manifest" href="{{VS_BASE}}/manifest.json" crossorigin="use-credentials" />
+ 		<link data-name="vs/workbench/workbench.web.main" rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/workbench/workbench.web.main.css">
+ 
+ 	</head>
+@@ -38,7 +38,7 @@
+ 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/loader.js"></script>
+ 	<script src="{{WORKBENCH_WEB_BASE_URL}}/out/vs/webPackagePaths.js"></script>
+ 	<script>
+-		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location.origin).toString();
++		const baseUrl = new URL('{{WORKBENCH_WEB_BASE_URL}}', window.location).toString();
+ 		Object.keys(self.webPackagePaths).map(function (key, index) {
+ 			self.webPackagePaths[key] = `${baseUrl}/node_modules/${key}/${self.webPackagePaths[key]}`;
+ 		});
+Index: code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
++++ code-server/lib/vscode/src/vs/platform/remote/browser/browserSocketFactory.ts
+@@ -274,6 +274,7 @@ export class BrowserSocketFactory implem
+ 
+ 	connect(host: string, port: number, path: string, query: string, debugLabel: string, callback: IConnectCallback): void {
+ 		const webSocketSchema = (/^https:/.test(window.location.href) ? 'wss' : 'ws');
++		path = (window.location.pathname + "/" + path).replace(/\/\/+/g, "/")
+ 		const socket = this._webSocketFactory.create(`${webSocketSchema}://${/:/.test(host) ? `[${host}]` : host}:${port}${path}?${query}&skipWebSocketFrames=false`, debugLabel);
+ 		const errorListener = socket.onError((err) => callback(err, undefined));
+ 		socket.onOpen(() => {
+@@ -282,6 +283,3 @@ export class BrowserSocketFactory implem
+ 		});
+ 	}
+ }
+-
+-
+-
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -267,12 +267,11 @@ export class WebClientServer {
+ 			return res.end();
+ 		}
+ 
+-		const getFirstHeader = (headerName: string) => {
+-			const val = req.headers[headerName];
+-			return Array.isArray(val) ? val[0] : val;
+-		};
+-
+-		const remoteAuthority = getFirstHeader('x-original-host') || getFirstHeader('x-forwarded-host') || req.headers.host;
++		// For now we are getting the remote authority from the client to avoid
++		// needing specific configuration for reverse proxies to work.  Set this to
++		// something invalid to make sure we catch code that is using this value
++		// from the backend when it should not.
++		const remoteAuthority = 'remote';
+ 		if (!remoteAuthority) {
+ 			return serveError(req, res, 400, `Bad request.`);
+ 		}
+@@ -298,6 +297,8 @@ export class WebClientServer {
+ 			scopes: [['user:email'], ['repo']]
+ 		} : undefined;
+ 
++		const base = relativeRoot(getOriginalUrl(req))
++		const vscodeBase = relativePath(getOriginalUrl(req))
+ 
+ 		const workbenchWebConfiguration = {
+ 			remoteAuthority,
+@@ -309,6 +310,7 @@ export class WebClientServer {
+ 			workspaceUri: resolveWorkspaceURI(this._environmentService.args['default-workspace']),
+ 			productConfiguration: <Partial<IProductConfiguration>>{
+ 				codeServerVersion: this._productService.codeServerVersion,
++				rootEndpoint: base,
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+ 					...this._productService.extensionsGallery,
+@@ -326,8 +328,10 @@ export class WebClientServer {
+ 		const values: { [key: string]: string } = {
+ 			WORKBENCH_WEB_CONFIGURATION: asJSON(workbenchWebConfiguration),
+ 			WORKBENCH_AUTH_SESSION: authSessionInfo ? asJSON(authSessionInfo) : '',
+-			WORKBENCH_WEB_BASE_URL: this._staticRoute,
+-			WORKBENCH_NLS_BASE_URL: nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : '',
++			WORKBENCH_WEB_BASE_URL: vscodeBase + this._staticRoute,
++			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
++			BASE: base,
++			VS_BASE: vscodeBase,
+ 		};
+ 
+ 
+@@ -344,7 +348,7 @@ export class WebClientServer {
+ 			'default-src \'self\';',
+ 			'img-src \'self\' https: data: blob:;',
+ 			'media-src \'self\';',
+-			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=' http://${remoteAuthority};`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
++			`script-src 'self' 'unsafe-eval' ${this._getScriptCspHashes(data).join(' ')} 'sha256-fh3TwPMflhsEIpR8g1OYTIMVWhXTLcjQ9kh2tIpmv54=';`, // the sha is the same as in src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+ 			'child-src \'self\';',
+ 			`frame-src 'self' https://*.vscode-cdn.net data:;`,
+ 			'worker-src \'self\' data:;',
+@@ -417,3 +421,70 @@ export class WebClientServer {
+ 		return res.end(data);
+ 	}
+ }
++
++/**
++ * Remove extra slashes in a URL.
++ *
++ * This is meant to fill the job of `path.join` so you can concatenate paths and
++ * then normalize out any extra slashes.
++ *
++ * If you are using `path.join` you do not need this but note that `path` is for
++ * file system paths, not URLs.
++ */
++export const normalizeUrlPath = (url: string, keepTrailing = false): string => {
++	return url.replace(/\/\/+/g, "/").replace(/\/+$/, keepTrailing ? "/" : "")
++}
++
++/**
++ * Get the relative path that will get us to the root of the page. For each
++ * slash we need to go up a directory.  Will not have a trailing slash.
++ *
++ * For example:
++ *
++ * / => .
++ * /foo => .
++ * /foo/ => ./..
++ * /foo/bar => ./..
++ * /foo/bar/ => ./../..
++ *
++ * All paths must be relative in order to work behind a reverse proxy since we
++ * we do not know the base path.  Anything that needs to be absolute (for
++ * example cookies) must get the base path from the frontend.
++ *
++ * All relative paths must be prefixed with the relative root to ensure they
++ * work no matter the depth at which they happen to appear.
++ *
++ * For Express `req.originalUrl` should be used as they remove the base from the
++ * standard `url` property making it impossible to get the true depth.
++ */
++export const relativeRoot = (originalUrl: string): string => {
++	const depth = (originalUrl.split("?", 1)[0].match(/\//g) || []).length
++	return normalizeUrlPath("./" + (depth > 1 ? "../".repeat(depth - 1) : ""))
++}
++
++/**
++ * Get the relative path to the current resource.
++ *
++ * For example:
++ *
++ * / => .
++ * /foo => ./foo
++ * /foo/ => .
++ * /foo/bar => ./bar
++ * /foo/bar/ => .
++ */
++export const relativePath = (originalUrl: string): string => {
++	const parts = originalUrl.split("?", 1)[0].split("/")
++	return normalizeUrlPath("./" + parts[parts.length - 1])
++}
++
++/**
++ * code-server serves Code using Express.  Express removes the base from the url
++ * and puts the original in `originalUrl` so we must use this to get the correct
++ * depth.  Code is not aware it is behind Express so the types do not match.  We
++ * may want to continue moving code into Code and eventually remove the Express
++ * wrapper or move the web server back into code-server.
++ */
++export const getOriginalUrl = (req: http.IncomingMessage): string => {
++	return (req as any).originalUrl || req.url
++}
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -32,6 +32,7 @@ export type ExtensionVirtualWorkspaceSup
+ 
+ export interface IProductConfiguration {
+ 	readonly codeServerVersion?: string
++	readonly rootEndpoint?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.ts
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.ts
+@@ -485,6 +485,7 @@ function doCreateUri(path: string, query
+ 		});
+ 	}
+ 
++	path = (window.location.pathname + "/" + path).replace(/\/\/+/g, "/")
+ 	return URI.parse(window.location.href).with({ path, query });
+ }
+ 
+@@ -496,7 +497,7 @@ function doCreateUri(path: string, query
+ 	if (!configElement || !configElementAttribute) {
+ 		throw new Error('Missing web configuration element');
+ 	}
+-	const config: IWorkbenchConstructionOptions & { folderUri?: UriComponents; workspaceUri?: UriComponents; callbackRoute: string } = JSON.parse(configElementAttribute);
++	const config: IWorkbenchConstructionOptions & { folderUri?: UriComponents; workspaceUri?: UriComponents; callbackRoute: string } = { ...JSON.parse(configElementAttribute), remoteAuthority: location.host }
+ 
+ 	// Create workbench
+ 	create(document.body, {
+Index: code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
++++ code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
+ import { IStorageService } from 'vs/platform/storage/common/storage';
+ import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
+ import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
+-import { RemoteAuthorities } from 'vs/base/common/network';
+ import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
+ 
+ export const WEB_EXTENSION_RESOURCE_END_POINT = 'web-extension-resource';
+@@ -75,7 +74,7 @@ export abstract class AbstractExtensionR
+ 	public getExtensionGalleryResourceURL(galleryExtension: { publisher: string; name: string; version: string }, path?: string): URI | undefined {
+ 		if (this._extensionGalleryResourceUrlTemplate) {
+ 			const uri = URI.parse(format2(this._extensionGalleryResourceUrlTemplate, { publisher: galleryExtension.publisher, name: galleryExtension.name, version: galleryExtension.version, path: 'extension' }));
+-			return this._isWebExtensionResourceEndPoint(uri) ? uri.with({ scheme: RemoteAuthorities.getPreferredWebSchema() }) : uri;
++			return this._isWebExtensionResourceEndPoint(uri) ? URI.joinPath(URI.parse(window.location.href), uri.path) : uri;
+ 		}
+ 		return undefined;
+ 	}

patches/cli-window-open.diff

@@ -0,0 +1,96 @@
+Make opening files/folders from the terminal only open in the current instance
+
+Previously they would open in every code-server tab/window.
+
+To test:
+
+1. Run code-server
+2. Open code-server
+3. Open terminal
+4. Open another code-server window
+5. Run code-server with a file or directory argument
+
+The file or directory should only open from the instance attached to that
+terminal.
+
+Index: code-server/lib/vscode/src/vs/server/node/remoteTerminalChannel.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/remoteTerminalChannel.ts
++++ code-server/lib/vscode/src/vs/server/node/remoteTerminalChannel.ts
+@@ -89,7 +89,7 @@ export class RemoteTerminalChannel exten
+ 		uriTransformer: IURITransformer;
+ 	}>();
+ 
+-	private readonly _onExecuteCommand = this._register(new Emitter<{ reqId: number; commandId: string; commandArgs: any[] }>());
++	private readonly _onExecuteCommand = this._register(new Emitter<{ reqId: number; terminalId: number; commandId: string; commandArgs: any[] }>());
+ 	readonly onExecuteCommand = this._onExecuteCommand.event;
+ 
+ 	constructor(
+@@ -241,20 +241,20 @@ export class RemoteTerminalChannel exten
+ 		const ipcHandlePath = createRandomIPCHandle();
+ 		env.VSCODE_IPC_HOOK_CLI = ipcHandlePath;
+ 		const commandsExecuter: ICommandsExecuter = {
+-			executeCommand: <T>(id: string, ...args: any[]): Promise<T> => this._executeCommand(id, args, uriTransformer)
++			executeCommand: <T>(commandId: string, ...args: any[]): Promise<T> => this._executeCommand(terminalId, commandId, args, uriTransformer)
+ 		};
+ 		const cliServer = new CLIServerBase(commandsExecuter, this._logService, ipcHandlePath);
+ 
+-		const id = await this._ptyService.createProcess(shellLaunchConfig, initialCwd, args.cols, args.rows, args.unicodeVersion, env, baseEnv, args.options, args.shouldPersistTerminal, args.workspaceId, args.workspaceName);
+-		this._ptyService.onProcessExit(e => e.id === id && cliServer.dispose());
++		const terminalId = await this._ptyService.createProcess(shellLaunchConfig, initialCwd, args.cols, args.rows, args.unicodeVersion, env, baseEnv, args.options, args.shouldPersistTerminal, args.workspaceId, args.workspaceName);
++		this._ptyService.onProcessExit(e => e.id === terminalId && cliServer.dispose());
+ 
+ 		return {
+-			persistentTerminalId: id,
++			persistentTerminalId: terminalId,
+ 			resolvedShellLaunchConfig: shellLaunchConfig
+ 		};
+ 	}
+ 
+-	private _executeCommand<T>(commandId: string, commandArgs: any[], uriTransformer: IURITransformer): Promise<T> {
++	private _executeCommand<T>(terminalId: number, commandId: string, commandArgs: any[], uriTransformer: IURITransformer): Promise<T> {
+ 		let resolve!: (data: any) => void;
+ 		let reject!: (err: any) => void;
+ 		const result = new Promise<T>((_resolve, _reject) => {
+@@ -277,6 +277,7 @@ export class RemoteTerminalChannel exten
+ 		});
+ 		this._onExecuteCommand.fire({
+ 			reqId,
++			terminalId,
+ 			commandId,
+ 			commandArgs: serializedCommandArgs
+ 		});
+Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/browser/remoteTerminalBackend.ts
+@@ -94,10 +94,14 @@ class RemoteTerminalBackend extends Base
+ 		this._remoteTerminalChannel.onExecuteCommand(async e => {
+ 			const reqId = e.reqId;
+ 			const commandId = e.commandId;
++			const terminalId = e.terminalId;
+ 			if (!allowedCommands.includes(commandId)) {
+ 				this._remoteTerminalChannel.sendCommandResult(reqId, true, 'Invalid remote cli command: ' + commandId);
+ 				return;
+ 			}
++			if (typeof terminalId !== "undefined" && !this._ptys.has(terminalId)) {
++				return
++			}
+ 			const commandArgs = e.commandArgs.map(arg => revive(arg));
+ 			try {
+ 				const result = await this._commandService.executeCommand(e.commandId, ...commandArgs);
+Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/remoteTerminalChannel.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/remoteTerminalChannel.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/remoteTerminalChannel.ts
+@@ -88,8 +88,8 @@ export class RemoteTerminalChannelClient
+ 	get onProcessOrphanQuestion(): Event<{ id: number }> {
+ 		return this._channel.listen<{ id: number }>('$onProcessOrphanQuestion');
+ 	}
+-	get onExecuteCommand(): Event<{ reqId: number; commandId: string; commandArgs: any[] }> {
+-		return this._channel.listen<{ reqId: number; commandId: string; commandArgs: any[] }>('$onExecuteCommand');
++	get onExecuteCommand(): Event<{ reqId: number; terminalId: number; commandId: string; commandArgs: any[] }> {
++		return this._channel.listen<{ reqId: number; terminalId: number; commandId: string; commandArgs: any[] }>('$onExecuteCommand');
+ 	}
+ 	get onDidRequestDetach(): Event<{ requestId: number; workspaceId: string; instanceId: number }> {
+ 		return this._channel.listen<{ requestId: number; workspaceId: string; instanceId: number }>('$onDidRequestDetach');

patches/connection-type.diff

@@ -0,0 +1,26 @@
+Add connection type to web sockets
+
+This allows the backend to distinguish them.  In our case we use them to count a
+single "open" of Code so we need to be able to distinguish between web sockets
+from two instances and two web sockets used in a single instance.
+
+To test this,
+1. Run code-server
+2. Open Network tab in Browser DevTools and filter for websocket requests
+3. You should see the `type=<connection-type>` in the request url
+
+
+Index: code-server/lib/vscode/src/vs/platform/remote/common/remoteAgentConnection.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/remote/common/remoteAgentConnection.ts
++++ code-server/lib/vscode/src/vs/platform/remote/common/remoteAgentConnection.ts
+@@ -233,7 +233,8 @@ async function connectToRemoteExtensionH
+ 
+ 	let socket: ISocket;
+ 	try {
+-		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, getRemoteServerRootPath(options), `reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, `renderer-${connectionTypeToString(connectionType)}-${options.reconnectionToken}`, timeoutCancellationToken);
++
++		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, getRemoteServerRootPath(options), `type=${connectionTypeToString(connectionType)}&reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, `renderer-${connectionTypeToString(connectionType)}-${options.reconnectionToken}`, timeoutCancellationToken);
+ 	} catch (error) {
+ 		options.logService.error(`${logPrefix} socketFactory.connect() failed or timed out. Error:`);
+ 		options.logService.error(error);

patches/disable-builtin-ext-update.diff

@@ -0,0 +1,31 @@
+Prevent builtin extensions from being updated
+
+Updating builtin extensions from the marketplace prevents us from patching them
+(for example out GitHub authentication patches).
+
+Index: code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/extensions/browser/extensionsWorkbenchService.ts
+@@ -237,6 +237,10 @@ export class Extension implements IExten
+ 			if (this.type === ExtensionType.System && this.productService.quality === 'stable') {
+ 				return false;
+ 			}
++			// Do not update builtin extensions.
++			if (this.type !== ExtensionType.User) {
++				return false;
++			}
+ 			if (!this.local.preRelease && this.gallery.properties.isPreReleaseVersion) {
+ 				return false;
+ 			}
+@@ -1122,6 +1126,10 @@ export class ExtensionsWorkbenchService
+ 				// Skip if check updates only for builtin extensions and current extension is not builtin.
+ 				continue;
+ 			}
++			if (installed.type !== ExtensionType.User) {
++				// Never update builtin extensions.
++				continue;
++			}
+ 			if (installed.isBuiltin && (!installed.local?.identifier.uuid || (!isWeb && this.productService.quality === 'stable'))) {
+ 				// Skip checking updates for a builtin extension if it does not has Marketplace identifier or the current product is VS Code Desktop stable.
+ 				continue;

patches/disable-downloads.diff

@@ -0,0 +1,183 @@
+Add option to disable file downloads via CLI
+
+This patch adds support for a new CLI flag called `--disable-file-downloads`
+which allows a user to remove the "Download..." option that shows up when you
+right-click files in Code. The default value for this is `false`.
+
+To test this, start code-server with `--disable-file-downloads`, open editor,
+right-click on a file (not a folder) and you should **not** see the
+"Download..." option.
+
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+@@ -267,6 +267,11 @@ export interface IWorkbenchConstructionO
+ 	 */
+ 	readonly userDataPath?: string
+ 
++	/**
++	 * Whether the "Download..." option is enabled for files.
++	 */
++	readonly isEnabledFileDownloads?: boolean
++
+ 	//#endregion
+ 
+ 
+Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+@@ -31,6 +31,11 @@ export interface IBrowserWorkbenchEnviro
+ 	 * Options used to configure the workbench.
+ 	 */
+ 	readonly options?: IWorkbenchConstructionOptions;
++
++	/**
++	 * Enable downloading files via menu actions.
++	 */
++	readonly isEnabledFileDownloads?: boolean;
+ }
+ 
+ export class BrowserWorkbenchEnvironmentService implements IBrowserWorkbenchEnvironmentService {
+@@ -62,6 +67,13 @@ export class BrowserWorkbenchEnvironment
+ 		return this.options.userDataPath;
+ 	}
+ 
++	get isEnabledFileDownloads(): boolean {
++		if (typeof this.options.isEnabledFileDownloads === "undefined") {
++			throw new Error('isEnabledFileDownloads was not provided to the browser');
++		}
++		return this.options.isEnabledFileDownloads;
++	}
++
+ 	@memoize
+ 	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }
+ 
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -14,6 +14,7 @@ export const serverOptions: OptionDescri
+ 	/* ----- code-server ----- */
+ 	'disable-update-check': { type: 'boolean' },
+ 	'auth': { type: 'string' },
++	'disable-file-downloads': { type: 'boolean' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -95,6 +96,7 @@ export interface ServerParsedArgs {
+ 	/* ----- code-server ----- */
+ 	'disable-update-check'?: boolean;
+ 	'auth'?: string
++	'disable-file-downloads'?: boolean;
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -304,6 +304,7 @@ export class WebClientServer {
+ 			remoteAuthority,
+ 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			userDataPath: this._environmentService.userDataPath,
++			isEnabledFileDownloads: !this._environmentService.args['disable-file-downloads'],
+ 			_wrapWebWorkerExtHostInIframe,
+ 			developmentOptions: {
+ 				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
+Index: code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/contextkeys.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/contextkeys.ts
+@@ -7,12 +7,11 @@ import { Event } from 'vs/base/common/ev
+ import { Disposable } from 'vs/base/common/lifecycle';
+ import { IContextKeyService, IContextKey } from 'vs/platform/contextkey/common/contextkey';
+ import { InputFocusedContext, IsMacContext, IsLinuxContext, IsWindowsContext, IsWebContext, IsMacNativeContext, IsDevelopmentContext, IsIOSContext, ProductQualityContext } from 'vs/platform/contextkey/common/contextkeys';
+-import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext } from 'vs/workbench/common/contextkeys';
++import { SplitEditorsVertically, InEditorZenModeContext, ActiveEditorCanRevertContext, ActiveEditorGroupLockedContext, ActiveEditorCanSplitInGroupContext, SideBySideEditorActiveContext, AuxiliaryBarVisibleContext, SideBarVisibleContext, PanelAlignmentContext, PanelMaximizedContext, PanelVisibleContext, ActiveEditorContext, EditorsVisibleContext, TextCompareEditorVisibleContext, TextCompareEditorActiveContext, ActiveEditorGroupEmptyContext, MultipleEditorGroupsContext, EditorTabsVisibleContext, IsCenteredLayoutContext, ActiveEditorGroupIndexContext, ActiveEditorGroupLastContext, ActiveEditorReadonlyContext, EditorAreaVisibleContext, ActiveEditorAvailableEditorIdsContext, DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, IsFullscreenContext, OpenFolderWorkspaceSupportContext, RemoteNameContext, VirtualWorkspaceContext, WorkbenchStateContext, WorkspaceFolderCountContext, PanelPositionContext, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
+ import { TEXT_DIFF_EDITOR_ID, EditorInputCapabilities, SIDE_BY_SIDE_EDITOR_ID, DEFAULT_EDITOR_ASSOCIATION } from 'vs/workbench/common/editor';
+ import { trackFocus, addDisposableListener, EventType } from 'vs/base/browser/dom';
+ import { preferredSideBySideGroupDirection, GroupDirection, IEditorGroupsService } from 'vs/workbench/services/editor/common/editorGroupsService';
+ import { IConfigurationService } from 'vs/platform/configuration/common/configuration';
+-import { IWorkbenchEnvironmentService } from 'vs/workbench/services/environment/common/environmentService';
+ import { IEditorService } from 'vs/workbench/services/editor/common/editorService';
+ import { WorkbenchState, IWorkspaceContextService } from 'vs/platform/workspace/common/workspace';
+ import { IWorkbenchLayoutService, Parts, positionToString } from 'vs/workbench/services/layout/browser/layoutService';
+@@ -25,6 +24,7 @@ import { IPaneCompositePartService } fro
+ import { Schemas } from 'vs/base/common/network';
+ import { WebFileSystemAccess } from 'vs/platform/files/browser/webFileSystemAccess';
+ import { IProductService } from 'vs/platform/product/common/productService';
++import { IBrowserWorkbenchEnvironmentService } from 'vs/workbench/services/environment/browser/environmentService';
+ 
+ export class WorkbenchContextKeysHandler extends Disposable {
+ 	private inputFocusedContext: IContextKey<boolean>;
+@@ -76,7 +76,7 @@ export class WorkbenchContextKeysHandler
+ 		@IContextKeyService private readonly contextKeyService: IContextKeyService,
+ 		@IWorkspaceContextService private readonly contextService: IWorkspaceContextService,
+ 		@IConfigurationService private readonly configurationService: IConfigurationService,
+-		@IWorkbenchEnvironmentService private readonly environmentService: IWorkbenchEnvironmentService,
++		@IBrowserWorkbenchEnvironmentService private readonly environmentService: IBrowserWorkbenchEnvironmentService,
+ 		@IProductService private readonly productService: IProductService,
+ 		@IEditorService private readonly editorService: IEditorService,
+ 		@IEditorResolverService private readonly editorResolverService: IEditorResolverService,
+@@ -199,6 +199,9 @@ export class WorkbenchContextKeysHandler
+ 		this.auxiliaryBarVisibleContext = AuxiliaryBarVisibleContext.bindTo(this.contextKeyService);
+ 		this.auxiliaryBarVisibleContext.set(this.layoutService.isVisible(Parts.AUXILIARYBAR_PART));
+ 
++		// code-server
++		IsEnabledFileDownloads.bindTo(this.contextKeyService).set(this.environmentService.isEnabledFileDownloads ?? true)
++
+ 		this.registerListeners();
+ 	}
+ 
+Index: code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/files/browser/fileActions.contribution.ts
+@@ -22,7 +22,7 @@ import { CLOSE_SAVED_EDITORS_COMMAND_ID,
+ import { AutoSaveAfterShortDelayContext } from 'vs/workbench/services/filesConfiguration/common/filesConfigurationService';
+ import { WorkbenchListDoubleSelection } from 'vs/platform/list/browser/listService';
+ import { Schemas } from 'vs/base/common/network';
+-import { DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey } from 'vs/workbench/common/contextkeys';
++import { DirtyWorkingCopiesContext, EmptyWorkspaceSupportContext, EnterMultiRootWorkspaceSupportContext, HasWebFileSystemAccess, WorkbenchStateContext, WorkspaceFolderCountContext, SidebarFocusContext, ActiveEditorCanRevertContext, ActiveEditorContext, ResourceContextKey, IsEnabledFileDownloads } from 'vs/workbench/common/contextkeys';
+ import { IsWebContext } from 'vs/platform/contextkey/common/contextkeys';
+ import { ServicesAccessor } from 'vs/platform/instantiation/common/instantiation';
+ import { ThemeIcon } from 'vs/platform/theme/common/themeService';
+@@ -477,13 +477,16 @@ MenuRegistry.appendMenuItem(MenuId.Explo
+ 		id: DOWNLOAD_COMMAND_ID,
+ 		title: DOWNLOAD_LABEL
+ 	},
+-	when: ContextKeyExpr.or(
+-		// native: for any remote resource
+-		ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
+-		// web: for any files
+-		ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
+-		// web: for any folders if file system API support is provided
+-		ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
++	when: ContextKeyExpr.and(
++		IsEnabledFileDownloads,
++		ContextKeyExpr.or(
++			// native: for any remote resource
++			ContextKeyExpr.and(IsWebContext.toNegated(), ResourceContextKey.Scheme.notEqualsTo(Schemas.file)),
++			// web: for any files
++			ContextKeyExpr.and(IsWebContext, ExplorerFolderContext.toNegated(), ExplorerRootContext.toNegated()),
++			// web: for any folders if file system API support is provided
++			ContextKeyExpr.and(IsWebContext, HasWebFileSystemAccess)
++		)
+ 	)
+ }));
+ 
+Index: code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/common/contextkeys.ts
++++ code-server/lib/vscode/src/vs/workbench/common/contextkeys.ts
+@@ -30,6 +30,8 @@ export const IsFullscreenContext = new R
+ 
+ export const HasWebFileSystemAccess = new RawContextKey<boolean>('hasWebFileSystemAccess', false, true); // Support for FileSystemAccess web APIs (https://wicg.github.io/file-system-access)
+ 
++export const IsEnabledFileDownloads = new RawContextKey<boolean>('isEnabledFileDownloads', true, true);
++
+ //#endregion
+ 
+ 

patches/display-language.diff

@@ -0,0 +1,332 @@
+Add display language support
+
+We can remove this once upstream supports all language packs.
+
+1. Proxies language packs to the service on the backend.
+2. NLS configuration is embedded into the HTML for the browser to pick up.  This
+   code to generate this configuration is copied from the native portion.
+3. Remove configuredLocale since we have our own thing.
+4. Move the argv.json file to the server instead of in-browser storage.  This is
+   where the current locale is stored and currently the server needs to be able
+   to read it.
+5. Add the locale flag.
+6. Remove the redundant locale verification.  It does the same as the existing
+   one but is worse because it does not handle non-existent or empty files.
+7. Replace some caching and Node requires because code-server does not restart
+   when changing the language unlike native Code.
+
+Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
++++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
+@@ -212,6 +212,9 @@ export async function setupServerService
+ 		const channel = new ExtensionManagementChannel(extensionManagementService, (ctx: RemoteAgentConnectionContext) => getUriTransformer(ctx.remoteAuthority));
+ 		socketServer.registerChannel('extensions', channel);
+ 
++		const languagePackChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(ILanguagePackService));
++		socketServer.registerChannel('languagePacks', languagePackChannel);
++
+ 		const encryptionChannel = ProxyChannel.fromService<RemoteAgentConnectionContext>(accessor.get(IEncryptionMainService));
+ 		socketServer.registerChannel('encryption', encryptionChannel);
+ 
+Index: code-server/lib/vscode/src/vs/base/common/platform.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/platform.ts
++++ code-server/lib/vscode/src/vs/base/common/platform.ts
+@@ -2,8 +2,6 @@
+  *  Copyright (c) Microsoft Corporation. All rights reserved.
+  *  Licensed under the MIT License. See License.txt in the project root for license information.
+  *--------------------------------------------------------------------------------------------*/
+-import * as nls from 'vs/nls';
+-
+ const LANGUAGE_DEFAULT = 'en';
+ 
+ let _isWindows = false;
+@@ -81,17 +79,19 @@ if (typeof navigator === 'object' && !is
+ 	_isLinux = _userAgent.indexOf('Linux') >= 0;
+ 	_isWeb = true;
+ 
+-	const configuredLocale = nls.getConfiguredDefaultLocale(
+-		// This call _must_ be done in the file that calls `nls.getConfiguredDefaultLocale`
+-		// to ensure that the NLS AMD Loader plugin has been loaded and configured.
+-		// This is because the loader plugin decides what the default locale is based on
+-		// how it's able to resolve the strings.
+-		nls.localize({ key: 'ensureLoaderPluginIsLoaded', comment: ['{Locked}'] }, '_')
+-	);
+-
+-	_locale = configuredLocale || LANGUAGE_DEFAULT;
++	_locale = LANGUAGE_DEFAULT;
+ 
+ 	_language = _locale;
++	const el = typeof document !== 'undefined' && document.getElementById('vscode-remote-nls-configuration');
++	const rawNlsConfig = el && el.getAttribute('data-settings');
++	if (rawNlsConfig) {
++		try {
++			const nlsConfig: NLSConfig = JSON.parse(rawNlsConfig);
++			_locale = nlsConfig.locale;
++			_translationsConfigFile = nlsConfig._translationsConfigFile;
++			_language = nlsConfig.availableLanguages['*'] || LANGUAGE_DEFAULT;
++		} catch (error) { /* Oh well. */ }
++	}
+ }
+ 
+ // Native environment
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+@@ -23,6 +23,9 @@
+ 		<!-- Workbench Auth Session -->
+ 		<meta id="vscode-workbench-auth-session" data-settings="{{WORKBENCH_AUTH_SESSION}}">
+ 
++		<!-- NLS Configuration -->
++		<meta id="vscode-remote-nls-configuration" data-settings="{{NLS_CONFIGURATION}}">
++
+ 		<!-- Workbench Icon/Manifest/CSS -->
+ 		<link rel="icon" href="{{BASE}}/_static/src/browser/media/favicon-dark-support.svg" />
+ 		<link rel="alternate icon" href="{{BASE}}/_static/src/browser/media/favicon.ico" type="image/x-icon" />
+@@ -46,15 +49,26 @@
+ 		// Set up nls if the user is not using the default language (English)
+ 		const nlsConfig = {};
+ 		const locale = window.localStorage.getItem('vscode.nls.locale') || navigator.language;
+-		if (!locale.startsWith('en')) {
+-			nlsConfig['vs/nls'] = {
+-				availableLanguages: {
+-					'*': locale
+-				},
+-				translationServiceUrl: '{{WORKBENCH_NLS_BASE_URL}}'
+-			};
+-		}
+-
++		try {
++			nlsConfig['vs/nls'] = JSON.parse(document.getElementById("vscode-remote-nls-configuration").getAttribute("data-settings"))
++			if (nlsConfig['vs/nls']._resolvedLanguagePackCoreLocation) {
++				const bundles = Object.create(null)
++				nlsConfig['vs/nls'].loadBundle = (bundle, _language, cb) => {
++					const result = bundles[bundle]
++					if (result) {
++						return cb(undefined, result)
++					}
++					const path = nlsConfig['vs/nls']._resolvedLanguagePackCoreLocation + "/" + bundle.replace(/\//g, "!") + ".nls.json"
++					fetch(`{{WORKBENCH_WEB_BASE_URL}}/../vscode-remote-resource?path=${encodeURIComponent(path)}`)
++						.then((response) => response.json())
++						.then((json) => {
++							bundles[bundle] = json
++							cb(undefined, json)
++						})
++						.catch(cb)
++				}
++			}
++		} catch (error) { /* Probably fine. */ }
+ 		require.config({
+ 			baseUrl: `${baseUrl}/out`,
+ 			recordStats: true,
+Index: code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/environment/common/environmentService.ts
++++ code-server/lib/vscode/src/vs/platform/environment/common/environmentService.ts
+@@ -105,7 +105,7 @@ export abstract class AbstractNativeEnvi
+ 			return URI.file(join(vscodePortable, 'argv.json'));
+ 		}
+ 
+-		return joinPath(this.userHome, this.productService.dataFolderName, 'argv.json');
++		return joinPath(this.appSettingsHome, 'argv.json');
+ 	}
+ 
+ 	@memoize
+Index: code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
++++ code-server/lib/vscode/src/vs/server/node/remoteLanguagePacks.ts
+@@ -30,6 +30,12 @@ export function getNLSConfiguration(lang
+ 				if (InternalNLSConfiguration.is(value)) {
+ 					value._languagePackSupport = true;
+ 				}
++				// If the configuration has no results keep trying since code-server
++				// doesn't restart when a language is installed so this result would
++				// persist (the plugin might not be installed yet for example).
++				if (value.locale !== 'en' && value.locale !== 'en-us' && Object.keys(value.availableLanguages).length === 0) {
++					_cache.delete(key);
++				}
+ 				return value;
+ 			});
+ 			_cache.set(key, result);
+@@ -44,3 +50,43 @@ export namespace InternalNLSConfiguratio
+ 		return candidate && typeof candidate._languagePackId === 'string';
+ 	}
+ }
++
++/**
++ * The code below is copied from from src/main.js.
++ */
++
++export const getLocaleFromConfig = async (argvResource: string): Promise<string> => {
++	try {
++		const content = stripComments(await fs.promises.readFile(argvResource, 'utf8'));
++		return JSON.parse(content).locale;
++	} catch (error) {
++		if (error.code !== "ENOENT") {
++			console.warn(error)
++		}
++		return 'en';
++	}
++};
++
++const stripComments = (content: string): string => {
++	const regexp = /('(?:[^\\']*(?:\\.)?)*')|('(?:[^\\']*(?:\\.)?)*')|(\/\*(?:\r?\n|.)*?\*\/)|(\/{2,}.*?(?:(?:\r?\n)|$))/g;
++
++	return content.replace(regexp, (match, _m1, _m2, m3, m4) => {
++		// Only one of m1, m2, m3, m4 matches
++		if (m3) {
++			// A block comment. Replace with nothing
++			return '';
++		} else if (m4) {
++			// A line comment. If it ends in \r?\n then keep it.
++			const length_1 = m4.length;
++			if (length_1 > 2 && m4[length_1 - 1] === '\n') {
++				return m4[length_1 - 2] === '\r' ? '\r\n' : '\n';
++			}
++			else {
++				return '';
++			}
++		} else {
++			// We match a string
++			return match;
++		}
++	});
++};
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -26,6 +26,7 @@ import { URI } from 'vs/base/common/uri'
+ import { streamToBuffer } from 'vs/base/common/buffer';
+ import { IProductConfiguration } from 'vs/base/common/product';
+ import { isString } from 'vs/base/common/types';
++import { getLocaleFromConfig, getNLSConfiguration } from 'vs/server/node/remoteLanguagePacks';
+ import { CharCode } from 'vs/base/common/charCode';
+ import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
+ 
+@@ -299,6 +300,8 @@ export class WebClientServer {
+ 
+ 		const base = relativeRoot(getOriginalUrl(req))
+ 		const vscodeBase = relativePath(getOriginalUrl(req))
++		const locale = this._environmentService.args.locale || await getLocaleFromConfig(this._environmentService.argvResource.fsPath);
++		const nlsConfiguration = await getNLSConfiguration(locale, this._environmentService.userDataPath)
+ 
+ 		const workbenchWebConfiguration = {
+ 			remoteAuthority,
+@@ -339,6 +342,7 @@ export class WebClientServer {
+ 			WORKBENCH_NLS_BASE_URL: vscodeBase + (nlsBaseUrl ? `${nlsBaseUrl}${!nlsBaseUrl.endsWith('/') ? '/' : ''}${this._productService.commit}/${this._productService.version}/` : ''),
+ 			BASE: base,
+ 			VS_BASE: vscodeBase,
++			NLS_CONFIGURATION: asJSON(nlsConfiguration),
+ 		};
+ 
+ 
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -15,6 +15,7 @@ export const serverOptions: OptionDescri
+ 	'disable-update-check': { type: 'boolean' },
+ 	'auth': { type: 'string' },
+ 	'disable-file-downloads': { type: 'boolean' },
++	'locale': { type: 'string' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -97,6 +98,7 @@ export interface ServerParsedArgs {
+ 	'disable-update-check'?: boolean;
+ 	'auth'?: string
+ 	'disable-file-downloads'?: boolean;
++	'locale'?: string
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/workbench.web.main.ts
++++ code-server/lib/vscode/src/vs/workbench/workbench.web.main.ts
+@@ -122,8 +122,9 @@ import 'vs/workbench/contrib/logs/browse
+ // Explorer
+ import 'vs/workbench/contrib/files/browser/files.web.contribution';
+ 
+-// Localization
+-import 'vs/workbench/contrib/localization/browser/localization.contribution';
++// Localization.  This does not actually import anything specific to Electron so
++// it should be safe.
++import 'vs/workbench/contrib/localization/electron-sandbox/localization.contribution';
+ 
+ // Performance
+ import 'vs/workbench/contrib/performance/browser/performance.web.contribution';
+Index: code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
++++ code-server/lib/vscode/src/vs/platform/languagePacks/browser/languagePacks.ts
+@@ -4,10 +4,23 @@
+  *--------------------------------------------------------------------------------------------*/
+ 
+ import { ILanguagePackItem, LanguagePackBaseService } from 'vs/platform/languagePacks/common/languagePacks';
++import { ProxyChannel } from 'vs/base/parts/ipc/common/ipc';
++import { ILanguagePackService } from 'vs/platform/languagePacks/common/languagePacks';
++import { IRemoteAgentService } from 'vs/workbench/services/remote/common/remoteAgentService';
++import { IExtensionGalleryService } from 'vs/platform/extensionManagement/common/extensionManagement';
+ 
+ export class WebLanguagePacksService extends LanguagePackBaseService {
+-	// Web doesn't have a concept of language packs, so we just return an empty array
++	private readonly languagePackService: ILanguagePackService;
++
++	constructor(
++		@IRemoteAgentService remoteAgentService: IRemoteAgentService,
++		@IExtensionGalleryService extensionGalleryService: IExtensionGalleryService
++	) {
++		super(extensionGalleryService)
++		this.languagePackService = ProxyChannel.toService<ILanguagePackService>(remoteAgentService.getConnection()!.getChannel('languagePacks'));
++	}
++
+ 	getInstalledLanguages(): Promise<ILanguagePackItem[]> {
+-		return Promise.resolve([]);
++		return this.languagePackService.getInstalledLanguages()
+ 	}
+ }
+Index: code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/localization/electron-sandbox/localeService.ts
+@@ -41,7 +41,8 @@ export class NativeLocaleService impleme
+ 		@IProductService private readonly productService: IProductService
+ 	) { }
+ 
+-	private async validateLocaleFile(): Promise<boolean> {
++	// Make public just so we do not have to patch all the unused code out.
++	public async validateLocaleFile(): Promise<boolean> {
+ 		try {
+ 			const content = await this.textFileService.read(this.environmentService.argvResource, { encoding: 'utf8' });
+ 
+@@ -68,9 +69,6 @@ export class NativeLocaleService impleme
+ 	}
+ 
+ 	private async writeLocaleValue(locale: string | undefined): Promise<boolean> {
+-		if (!(await this.validateLocaleFile())) {
+-			return false;
+-		}
+ 		await this.jsonEditingService.write(this.environmentService.argvResource, [{ path: ['locale'], value: locale }], true);
+ 		return true;
+ 	}
+Index: code-server/lib/vscode/src/vs/base/node/languagePacks.js
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/node/languagePacks.js
++++ code-server/lib/vscode/src/vs/base/node/languagePacks.js
+@@ -73,7 +73,10 @@
+ 		function getLanguagePackConfigurations(userDataPath) {
+ 			const configFile = path.join(userDataPath, 'languagepacks.json');
+ 			try {
+-				return nodeRequire(configFile);
++				// This must not use Node's require otherwise it will be cached forever.
++				// Code can get away with this since the process actually restarts but
++				// that is not currently the case with code-server.
++				return JSON.parse(fs.readFileSync(configFile, "utf8"));
+ 			} catch (err) {
+ 				// Do nothing. If we can't read the file we have no
+ 				// language pack config.

patches/github-auth.diff

@@ -0,0 +1,106 @@
+Add the ability to provide a GitHub token
+
+To test install the GitHub PR extension and start code-server with GITHUB_TOKEN
+or set github-auth in the config file.  The extension should be authenticated.
+
+Index: code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
++++ code-server/lib/vscode/src/vs/platform/credentials/node/credentialsMainService.ts
+@@ -5,9 +5,18 @@
+ 
+ import { InMemoryCredentialsProvider } from 'vs/platform/credentials/common/credentials';
+ import { ILogService } from 'vs/platform/log/common/log';
+-import { INativeEnvironmentService } from 'vs/platform/environment/common/environment';
++import { IServerEnvironmentService } from 'vs/server/node/serverEnvironmentService';
+ import { IProductService } from 'vs/platform/product/common/productService';
+ import { BaseCredentialsMainService, KeytarModule } from 'vs/platform/credentials/common/credentialsMainService';
++import { generateUuid } from 'vs/base/common/uuid';
++import { equals as arrayEquals } from 'vs/base/common/arrays';
++
++interface IToken {
++	accessToken: string
++	account?: { label: string }
++	id: string
++	scopes: string[]
++}
+ 
+ export class CredentialsWebMainService extends BaseCredentialsMainService {
+ 	// Since we fallback to the in-memory credentials provider, we do not need to surface any Keytar load errors
+@@ -16,10 +25,15 @@ export class CredentialsWebMainService e
+ 
+ 	constructor(
+ 		@ILogService logService: ILogService,
+-		@INativeEnvironmentService private readonly environmentMainService: INativeEnvironmentService,
++		@IServerEnvironmentService private readonly environmentMainService: IServerEnvironmentService,
+ 		@IProductService private readonly productService: IProductService,
+ 	) {
+ 		super(logService);
++		if (this.environmentMainService.args["github-auth"]) {
++			this.storeGitHubToken(this.environmentMainService.args["github-auth"]).catch((error) => {
++				this.logService.error('Failed to store provided GitHub token', error)
++			})
++		}
+ 	}
+ 
+ 	// If the credentials service is running on the server, we add a suffix -server to differentiate from the location that the
+@@ -48,4 +62,59 @@ export class CredentialsWebMainService e
+ 		}
+ 		return this._keytarCache;
+ 	}
++
++	private async storeGitHubToken(githubToken: string): Promise<void> {
++		const extensionId = 'vscode.github-authentication';
++		const service = `${await this.getSecretStoragePrefix()}${extensionId}`;
++		const account = 'github.auth';
++		const scopes = [['read:user', 'user:email', 'repo']]
++
++		// Oddly the scopes need to match exactly so we cannot just have one token
++		// with all the scopes, instead we have to duplicate the token for each
++		// expected set of scopes.
++		const tokens: IToken[] = scopes.map((scopes) => ({
++			id: generateUuid(),
++			scopes: scopes.sort(), // Sort for comparing later.
++			accessToken: githubToken,
++		}));
++
++		const raw = await this.getPassword(service, account)
++
++		let existing: {
++			content: IToken[]
++		} | undefined;
++
++		if (raw) {
++			try {
++				const json = JSON.parse(raw);
++				json.content = JSON.parse(json.content);
++				existing = json;
++			} catch (error) {
++				this.logService.error('Failed to parse existing GitHub credentials', error)
++			}
++		}
++
++		// Keep tokens for account and scope combinations we do not have in case
++		// there is an extension that uses scopes we have not accounted for (in
++		// these cases the user will need to manually authenticate the extension
++		// through the UI) or the user has tokens for other accounts.
++		if (existing?.content) {
++			existing.content = existing.content.filter((existingToken) => {
++				const scopes = existingToken.scopes.sort();
++				return !(tokens.find((token) => {
++					return arrayEquals(scopes, token.scopes)
++						&& token.account?.label === existingToken.account?.label;
++				}))
++			})
++		}
++
++		return this.setPassword(service, account, JSON.stringify({
++			extensionId,
++			...(existing || {}),
++			content: JSON.stringify([
++				...tokens,
++				...(existing?.content || []),
++			])
++		}));
++	}
+ }

patches/heartbeat.diff

@@ -0,0 +1,37 @@
+Add a heartbeat to web socket connections
+
+This prevents them from being killed when they are idle.  To test run behind
+NGINX, make sure the sockets are idle (check dev tools), then wait 60+ seconds.
+
+Index: code-server/lib/vscode/src/vs/base/parts/ipc/common/ipc.net.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/parts/ipc/common/ipc.net.ts
++++ code-server/lib/vscode/src/vs/base/parts/ipc/common/ipc.net.ts
+@@ -7,6 +7,7 @@ import { VSBuffer } from 'vs/base/common
+ import { Emitter, Event } from 'vs/base/common/event';
+ import { Disposable, dispose, IDisposable } from 'vs/base/common/lifecycle';
+ import { IIPCLogger, IMessagePassingProtocol, IPCClient } from 'vs/base/parts/ipc/common/ipc';
++import { isWeb } from 'vs/base/common/platform';
+ 
+ export const enum SocketDiagnosticsEventType {
+ 	Created = 'created',
+@@ -828,6 +829,19 @@ export class PersistentProtocol implemen
+ 		this._socketDisposables.push(this._socketWriter);
+ 		this._socketReader = new ProtocolReader(this._socket);
+ 		this._socketDisposables.push(this._socketReader);
++		// Send empty messages to keep the socket alive.  We only need this on the
++		// web where sockets can be killed by reverse proxies for inactivity.
++		if (isWeb) {
++			const timer = setInterval(() => {
++				const msg = new ProtocolMessage(ProtocolMessageType.None, 0, 0, getEmptyBuffer());
++				this._socketWriter.write(msg);
++			}, 45000); // NGINX has a 60 second default timeout so try 45 seconds.
++			this._socketDisposables.push({
++				dispose: () => {
++					clearInterval(timer);
++				},
++			});
++		}
+ 		this._socketDisposables.push(this._socketReader.onMessage(msg => this._receiveMessage(msg)));
+ 		this._socketDisposables.push(this._socket.onClose((e) => this._onSocketClose.fire(e)));
+ 		if (initialChunk) {

patches/insecure-notification.diff

@@ -0,0 +1,62 @@
+Add a notification when accessing code-server in an insecure context
+
+This is done because otherwise when things like the clipboard do not work users
+may think code-server is broken.  Ideally there would be a notification at the
+point where these things are used instead of this though.
+
+To test access over something like an HTTP domain or an IP address (not
+localhost). For example:
+
+1. run code-server
+2. use ngrok to expose code-server
+3. access via HTTP
+4. look for notification in bottom right
+
+Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
+@@ -1,7 +1,10 @@
+ import { Disposable } from 'vs/base/common/lifecycle';
++import { localize } from 'vs/nls';
++import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
+ 
+ export class CodeServerClient extends Disposable {
+ 	constructor (
++		@INotificationService private notificationService: INotificationService,
+ 	) {
+ 		super();
+ 	}
+@@ -42,5 +45,32 @@ export class CodeServerClient extends Di
+ 				}
+ 			});
+ 		}
++
++		if (!window.isSecureContext) {
++			this.notificationService.notify({
++				severity: Severity.Warning,
++				message: localize(
++					'insecureContext',
++					"{0} is being accessed in an insecure context. Web views, the clipboard, and other functionality may not work as expected.",
++					'code-server',
++				),
++				actions: {
++					primary: [
++						{
++							id: 'understand',
++							label: localize('confirmInsecure', "I understand"),
++							tooltip: '',
++							class: undefined,
++							enabled: true,
++							checked: true,
++							dispose: () => undefined,
++							run: () => {
++								return Promise.resolve();
++							},
++						},
++					],
++				},
++			});
++		}
+ 	}
+ }

patches/integration.diff

@@ -0,0 +1,273 @@
+Prepare Code for integration with code-server
+
+1. We already have the arguments so allow passing them in.  There is also a
+   slight change in a few directories to preserve the directory structure we
+   have been using and to not override passed-in arguments.
+2. Modify the terminal environment to filter out code-server environment variables.
+3. Add the code-server version to the help dialog.
+4. Add ready events for use in an iframe.
+5. Add our icons.
+6. Use our own manifest.
+
+Index: code-server/lib/vscode/src/vs/server/node/server.main.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/server.main.ts
++++ code-server/lib/vscode/src/vs/server/node/server.main.ts
+@@ -12,7 +12,7 @@ import { createServer as doCreateServer,
+ import { parseArgs, ErrorReporter } from 'vs/platform/environment/node/argv';
+ import { join, dirname } from 'vs/base/common/path';
+ import { performance } from 'perf_hooks';
+-import { serverOptions } from 'vs/server/node/serverEnvironmentService';
++import { serverOptions, ServerParsedArgs } from 'vs/server/node/serverEnvironmentService';
+ import product from 'vs/platform/product/common/product';
+ import * as perf from 'vs/base/common/performance';
+ 
+@@ -34,38 +34,43 @@ const errorReporter: ErrorReporter = {
+ 	}
+ };
+ 
+-const args = parseArgs(process.argv.slice(2), serverOptions, errorReporter);
++function parse(): ServerParsedArgs {
++	return parseArgs(process.argv.slice(2), serverOptions, errorReporter);
++}
+ 
+-const REMOTE_DATA_FOLDER = args['server-data-dir'] || process.env['VSCODE_AGENT_FOLDER'] || join(os.homedir(), product.serverDataFolderName || '.vscode-remote');
+-const USER_DATA_PATH = join(REMOTE_DATA_FOLDER, 'data');
+-const APP_SETTINGS_HOME = join(USER_DATA_PATH, 'User');
+-const GLOBAL_STORAGE_HOME = join(APP_SETTINGS_HOME, 'globalStorage');
+-const LOCAL_HISTORY_HOME = join(APP_SETTINGS_HOME, 'History');
+-const MACHINE_SETTINGS_HOME = join(USER_DATA_PATH, 'Machine');
+-args['user-data-dir'] = USER_DATA_PATH;
+-const APP_ROOT = dirname(FileAccess.asFileUri('', require).fsPath);
+-const BUILTIN_EXTENSIONS_FOLDER_PATH = join(APP_ROOT, 'extensions');
+-args['builtin-extensions-dir'] = BUILTIN_EXTENSIONS_FOLDER_PATH;
+-args['extensions-dir'] = args['extensions-dir'] || join(REMOTE_DATA_FOLDER, 'extensions');
+-
+-[REMOTE_DATA_FOLDER, args['extensions-dir'], USER_DATA_PATH, APP_SETTINGS_HOME, MACHINE_SETTINGS_HOME, GLOBAL_STORAGE_HOME, LOCAL_HISTORY_HOME].forEach(f => {
+-	try {
+-		if (!fs.existsSync(f)) {
+-			fs.mkdirSync(f, { mode: 0o700 });
+-		}
+-	} catch (err) { console.error(err); }
+-});
++function createDirs(args: ServerParsedArgs): string {
++	const REMOTE_DATA_FOLDER = args['server-data-dir'] || args['user-data-dir'] || process.env['VSCODE_AGENT_FOLDER'] || join(os.homedir(), product.serverDataFolderName || '.vscode-remote');
++	const USER_DATA_PATH = args['user-data-dir'] || join(REMOTE_DATA_FOLDER, 'data');
++	const APP_SETTINGS_HOME = join(USER_DATA_PATH, 'User');
++	const GLOBAL_STORAGE_HOME = join(APP_SETTINGS_HOME, 'globalStorage');
++	const LOCAL_HISTORY_HOME = join(APP_SETTINGS_HOME, 'History');
++	const MACHINE_SETTINGS_HOME = join(USER_DATA_PATH, 'Machine');
++	args['user-data-dir'] = USER_DATA_PATH;
++	const APP_ROOT = dirname(FileAccess.asFileUri('', require).fsPath);
++	const BUILTIN_EXTENSIONS_FOLDER_PATH = args['builtin-extensions-dir'] || join(APP_ROOT, 'extensions');
++	args['builtin-extensions-dir'] = BUILTIN_EXTENSIONS_FOLDER_PATH;
++	args['extensions-dir'] = args['extensions-dir'] || join(REMOTE_DATA_FOLDER, 'extensions');
++
++	[REMOTE_DATA_FOLDER, args['extensions-dir'], USER_DATA_PATH, APP_SETTINGS_HOME, MACHINE_SETTINGS_HOME, GLOBAL_STORAGE_HOME, LOCAL_HISTORY_HOME].forEach(f => {
++		try {
++			if (!fs.existsSync(f)) {
++				fs.mkdirSync(f, { mode: 0o700 });
++			}
++		} catch (err) { console.error(err); }
++	});
++	return REMOTE_DATA_FOLDER;
++}
+ 
+ /**
+  * invoked by server-main.js
+  */
+-export function spawnCli() {
+-	runCli(args, REMOTE_DATA_FOLDER, serverOptions);
++export function spawnCli(args = parse()): Promise<void> {
++	return runCli(args, createDirs(args), serverOptions);
+ }
+ 
+ /**
+  * invoked by server-main.js
+  */
+-export function createServer(address: string | net.AddressInfo | null): Promise<IServerAPI> {
+-	return doCreateServer(address, args, REMOTE_DATA_FOLDER);
++export function createServer(address: string | net.AddressInfo | null, args = parse()): Promise<IServerAPI> {
++	return doCreateServer(address, args, createDirs(args));
+ }
+Index: code-server/lib/vscode/src/vs/base/common/processes.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/processes.ts
++++ code-server/lib/vscode/src/vs/base/common/processes.ts
+@@ -111,6 +111,8 @@ export function sanitizeProcessEnvironme
+ 		/^VSCODE_(?!SHELL_LOGIN).+$/,
+ 		/^SNAP(|_.*)$/,
+ 		/^GDK_PIXBUF_.+$/,
++		/^CODE_SERVER_.+$/,
++		/^CS_.+$/,
+ 	];
+ 	const envKeys = Object.keys(env);
+ 	envKeys
+Index: code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/parts/dialogs/dialogHandler.ts
+@@ -143,8 +143,11 @@ export class BrowserDialogHandler implem
+ 
+ 	async about(): Promise<void> {
+ 		const detailString = (useAgo: boolean): string => {
+-			return localize('aboutDetail',
+-				"Version: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
++			return localize('aboutCodeServerDetail',
++				"code-server: {0}",
++				this.productService.codeServerVersion ? `v${this.productService.codeServerVersion}` : 'Unknown'
++			) + '\n' + localize('aboutDetail',
++				"Code: {0}\nCommit: {1}\nDate: {2}\nBrowser: {3}",
+ 				this.productService.version || 'Unknown',
+ 				this.productService.commit || 'Unknown',
+ 				this.productService.date ? `${this.productService.date}${useAgo ? ' (' + fromNow(new Date(this.productService.date), true) + ')' : ''}` : 'Unknown',
+Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
+===================================================================
+--- /dev/null
++++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
+@@ -0,0 +1,46 @@
++import { Disposable } from 'vs/base/common/lifecycle';
++
++export class CodeServerClient extends Disposable {
++	constructor (
++	) {
++		super();
++	}
++
++	async startup(): Promise<void> {
++		// Emit ready events
++		const event = new CustomEvent('ide-ready');
++		window.dispatchEvent(event);
++
++		if (parent) {
++			// Tell the parent loading has completed.
++			parent.postMessage({ event: 'loaded' }, '*');
++
++			// Proxy or stop proxing events as requested by the parent.
++			const listeners = new Map<string, (event: Event) => void>();
++
++			window.addEventListener('message', parentEvent => {
++				const eventName = parentEvent.data.bind || parentEvent.data.unbind;
++				if (eventName) {
++					const oldListener = listeners.get(eventName);
++					if (oldListener) {
++						document.removeEventListener(eventName, oldListener);
++					}
++				}
++
++				if (parentEvent.data.bind && parentEvent.data.prop) {
++					const listener = (event: Event) => {
++						parent?.postMessage(
++							{
++								event: parentEvent.data.event,
++								[parentEvent.data.prop]: event[parentEvent.data.prop as keyof Event],
++							},
++							window.location.origin,
++						);
++					};
++					listeners.set(parentEvent.data.bind, listener);
++					document.addEventListener(parentEvent.data.bind, listener);
++				}
++			});
++		}
++	}
++}
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.main.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
+@@ -69,6 +69,7 @@ import { IndexedDB } from 'vs/base/brows
+ import { BrowserCredentialsService } from 'vs/workbench/services/credentials/browser/credentialsService';
+ import { IWorkspace } from 'vs/workbench/services/host/browser/browserHostService';
+ import { WebFileSystemAccess } from 'vs/platform/files/browser/webFileSystemAccess';
++import { CodeServerClient } from 'vs/workbench/browser/client';
+ import { ITelemetryService } from 'vs/platform/telemetry/common/telemetry';
+ import { IProgressService } from 'vs/platform/progress/common/progress';
+ import { DelayedLogChannel } from 'vs/workbench/services/output/common/delayedLogChannel';
+@@ -116,6 +117,9 @@ export class BrowserMain extends Disposa
+ 		// Startup
+ 		const instantiationService = workbench.startup();
+ 
++		const codeServerClient = this._register(instantiationService.createInstance(CodeServerClient));
++		await codeServerClient.startup();
++
+ 		// Window
+ 		this._register(instantiationService.createInstance(BrowserWindow));
+ 
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -31,6 +31,8 @@ export type ExtensionVirtualWorkspaceSup
+ };
+ 
+ export interface IProductConfiguration {
++	readonly codeServerVersion?: string
++
+ 	readonly version: string;
+ 	readonly date?: string;
+ 	readonly quality?: string;
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html
+@@ -11,7 +11,8 @@
+ 		<meta name="mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-title" content="Code">
+-		<link rel="apple-touch-icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/code-192.png" />
++		<link rel="apple-touch-icon" sizes="192x192" href="/_static/src/browser/media/pwa-icon-192.png" />
++		<link rel="apple-touch-icon" sizes="512x512" href="/_static/src/browser/media/pwa-icon-512.png" />
+ 
+ 		<!-- Disable pinch zooming -->
+ 		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
+@@ -26,8 +27,9 @@
+ 		<meta id="vscode-workbench-builtin-extensions" data-settings="{{WORKBENCH_BUILTIN_EXTENSIONS}}">
+ 
+ 		<!-- Workbench Icon/Manifest/CSS -->
+-		<link rel="icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/favicon.ico" type="image/x-icon" />
+-		<link rel="manifest" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/manifest.json" crossorigin="use-credentials" />
++		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
++		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
++		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
+ 	</head>
+ 
+ 	<body aria-label="">
+Index: code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench.html
++++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench.html
+@@ -11,7 +11,8 @@
+ 		<meta name="mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-capable" content="yes" />
+ 		<meta name="apple-mobile-web-app-title" content="Code">
+-		<link rel="apple-touch-icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/code-192.png" />
++		<link rel="apple-touch-icon" sizes="192x192" href="/_static/src/browser/media/pwa-icon-192.png" />
++		<link rel="apple-touch-icon" sizes="512x512" href="/_static/src/browser/media/pwa-icon-512.png" />
+ 
+ 		<!-- Disable pinch zooming -->
+ 		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no">
+@@ -23,8 +24,9 @@
+ 		<meta id="vscode-workbench-auth-session" data-settings="{{WORKBENCH_AUTH_SESSION}}">
+ 
+ 		<!-- Workbench Icon/Manifest/CSS -->
+-		<link rel="icon" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/favicon.ico" type="image/x-icon" />
+-		<link rel="manifest" href="{{WORKBENCH_WEB_BASE_URL}}/resources/server/manifest.json" crossorigin="use-credentials" />
++		<link rel="icon" href="/_static/src/browser/media/favicon-dark-support.svg" />
++		<link rel="alternate icon" href="/_static/src/browser/media/favicon.ico" type="image/x-icon" />
++		<link rel="manifest" href="/manifest.json" crossorigin="use-credentials" />
+ 		<link data-name="vs/workbench/workbench.web.main" rel="stylesheet" href="{{WORKBENCH_WEB_BASE_URL}}/out/vs/workbench/workbench.web.main.css">
+ 
+ 	</head>
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -308,6 +308,7 @@ export class WebClientServer {
+ 			folderUri: resolveWorkspaceURI(this._environmentService.args['default-folder']),
+ 			workspaceUri: resolveWorkspaceURI(this._environmentService.args['default-workspace']),
+ 			productConfiguration: <Partial<IProductConfiguration>>{
++				codeServerVersion: this._productService.codeServerVersion,
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+ 					...this._productService.extensionsGallery,

patches/local-storage.diff

@@ -0,0 +1,66 @@
+Make storage local to the remote server
+
+This solves two problems:
+  1. Extensions running in the browser (like Vim) might use these paths
+     directly instead of using the file service and most likely can't write
+     to `/User` on disk.
+  2. Settings will be stored in the file system instead of in browser
+     storage. Using browser storage makes sharing or seeding settings
+     between browsers difficult. We may want to revisit this once/if we get
+     settings sync.
+
+Unfortunately this does not affect state which uses a separate method with
+IndexedDB and does not appear nearly as easy to redirect to disk.
+
+To test install the Vim extension and make sure something that uses file storage
+works (history recall for example) and change settings from the UI and on disk
+while making sure they appear on the other side.
+
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -303,6 +303,7 @@ export class WebClientServer {
+ 		const workbenchWebConfiguration = {
+ 			remoteAuthority,
+ 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
++			userDataPath: this._environmentService.userDataPath,
+ 			_wrapWebWorkerExtHostInIframe,
+ 			developmentOptions: {
+ 				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.api.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/web.api.ts
+@@ -262,6 +262,11 @@ export interface IWorkbenchConstructionO
+ 	 */
+ 	readonly configurationDefaults?: Record<string, any>;
+ 
++	/**
++	 * Path to the user data directory.
++	 */
++	readonly userDataPath?: string
++
+ 	//#endregion
+ 
+ 
+Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+@@ -53,7 +53,14 @@ export class BrowserWorkbenchEnvironment
+ 	get logFile(): URI { return joinPath(this.logsHome, 'window.log'); }
+ 
+ 	@memoize
+-	get userRoamingDataHome(): URI { return URI.file('/User').with({ scheme: Schemas.vscodeUserData }); }
++	get userRoamingDataHome(): URI { return joinPath(URI.file(this.userDataPath).with({ scheme: Schemas.vscodeRemote }), 'User'); }
++
++	get userDataPath(): string {
++		if (!this.options.userDataPath) {
++			throw new Error('userDataPath was not provided to the browser');
++		}
++		return this.options.userDataPath;
++	}
+ 
+ 	@memoize
+ 	get argvResource(): URI { return joinPath(this.userRoamingDataHome, 'argv.json'); }

patches/log-level.diff

@@ -0,0 +1,21 @@
+Propagate the log level to the client
+
+This can be tested by using `--log trace`.  You should see plenty of debug and
+trace logs in the console.
+
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -304,7 +304,10 @@ export class WebClientServer {
+ 			remoteAuthority,
+ 			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			_wrapWebWorkerExtHostInIframe,
+-			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined },
++			developmentOptions: {
++				enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined,
++				logLevel: this._logService.getLevel(),
++			},
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
+ 			enableWorkspaceTrust: !this._environmentService.args['disable-workspace-trust'],
+ 			folderUri: resolveWorkspaceURI(this._environmentService.args['default-folder']),

patches/logout.diff

@@ -0,0 +1,107 @@
+Add a logout command and menu item
+
+This will only show if you have authentication enabled.
+
+This has e2e tests but are currently disabled and need to be fixed.
+
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -34,6 +34,7 @@ export interface IProductConfiguration {
+ 	readonly codeServerVersion?: string
+ 	readonly rootEndpoint?: string
+ 	readonly updateEndpoint?: string
++	readonly logoutEndpoint?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -13,6 +13,7 @@ import { IEnvironmentService, INativeEnv
+ export const serverOptions: OptionDescriptions<ServerParsedArgs> = {
+ 	/* ----- code-server ----- */
+ 	'disable-update-check': { type: 'boolean' },
++	'auth': { type: 'string' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -93,6 +94,7 @@ export const serverOptions: OptionDescri
+ export interface ServerParsedArgs {
+ 	/* ----- code-server ----- */
+ 	'disable-update-check'?: boolean;
++	'auth'?: string
+ 
+ 	/* ----- server setup ----- */
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -313,6 +313,7 @@ export class WebClientServer {
+ 				codeServerVersion: this._productService.codeServerVersion,
+ 				rootEndpoint: base,
+ 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
++				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},
+Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
+@@ -1,11 +1,15 @@
+ import { Disposable } from 'vs/base/common/lifecycle';
+ import { localize } from 'vs/nls';
++import { MenuId, MenuRegistry } from 'vs/platform/actions/common/actions';
++import { CommandsRegistry } from 'vs/platform/commands/common/commands';
+ import { ILogService } from 'vs/platform/log/common/log';
+ import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
+ import { IProductService } from 'vs/platform/product/common/productService';
+ import { IStorageService, StorageScope, StorageTarget } from 'vs/platform/storage/common/storage';
+ 
+ export class CodeServerClient extends Disposable {
++	static LOGOUT_COMMAND_ID = 'code-server.logout';
++
+ 	constructor (
+ 		@ILogService private logService: ILogService,
+ 		@INotificationService private notificationService: INotificationService,
+@@ -82,6 +86,10 @@ export class CodeServerClient extends Di
+ 		if (this.productService.updateEndpoint) {
+ 			this.checkUpdates(this.productService.updateEndpoint)
+ 		}
++
++		if (this.productService.logoutEndpoint) {
++			this.addLogoutCommand(this.productService.logoutEndpoint);
++		}
+ 	}
+ 
+ 	private checkUpdates(updateEndpoint: string) {
+@@ -133,4 +141,25 @@ export class CodeServerClient extends Di
+ 
+ 		updateLoop();
+ 	}
++
++	private addLogoutCommand(logoutEndpoint: string) {
++		CommandsRegistry.registerCommand(CodeServerClient.LOGOUT_COMMAND_ID, () => {
++			const logoutUrl = new URL(logoutEndpoint, window.location.href);
++			// Cookies must be set with absolute paths and must use the same path to
++			// be unset (we set it on the root) so send the relative root and the
++			// current href so the backend can derive the absolute path to the root.
++			logoutUrl.searchParams.set('base', this.productService.rootEndpoint || ".");
++			logoutUrl.searchParams.set('href', window.location.href);
++			window.location.assign(logoutUrl);
++		});
++
++		for (const menuId of [MenuId.CommandPalette, MenuId.MenubarHomeMenu]) {
++			MenuRegistry.appendMenuItem(menuId, {
++				command: {
++					id: CodeServerClient.LOGOUT_COMMAND_ID,
++					title: localize('logout', "Sign out of {0}", 'code-server'),
++				},
++			});
++		}
++	}
+ }

patches/marketplace.diff

@@ -0,0 +1,87 @@
+Add Open VSX default and an env var for marketplace, fix old marketplace
+
+Our old marketplace only supports `serviceUrl` but this causes the marketplace
+to be disabled entirely so this moves the template var check to fix that.
+
+This also removes serverRootPath from the web extension route because that will
+include the commit.  When you update code-server (including this update) the web
+extension will continue using the old path since it is stored in the browser but
+the path will 404 because the commit no longer matches.  This change is only to
+support current installations though because this patch also removes the
+in-between and has web extensions install directly from the marketplace.
+
+This can be tested by setting EXTENSIONS_GALLERY set to:
+
+    '{"serviceUrl": "https://extensions.coder.com/api"}'
+
+
+Index: code-server/lib/vscode/src/vs/platform/product/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/product/common/product.ts
++++ code-server/lib/vscode/src/vs/platform/product/common/product.ts
+@@ -45,7 +45,14 @@ else if (typeof require?.__$__nodeRequir
+ 	}
+ 
+ 	Object.assign(product, {
+-		version: pkg.version
++		version: pkg.version,
++		extensionsGallery: env.EXTENSIONS_GALLERY ? JSON.parse(env.EXTENSIONS_GALLERY) : (product.extensionsGallery || {
++			serviceUrl: "https://open-vsx.org/vscode/gallery",
++			itemUrl: "https://open-vsx.org/vscode/item",
++			resourceUrlTemplate: "https://open-vsx.org/vscode/asset/{publisher}/{name}/{version}/Microsoft.VisualStudio.Code.WebResources/{path}",
++			controlUrl: "",
++			recommendationsUrl: "",
++		}),
+ 	});
+ }
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -111,7 +111,7 @@ export class WebClientServer {
+ 		const serverRootPath = getRemoteServerRootPath(_productService);
+ 		this._staticRoute = `${serverRootPath}/static`;
+ 		this._callbackRoute = `${serverRootPath}/callback`;
+-		this._webExtensionRoute = `${serverRootPath}/web-extension-resource`;
++		this._webExtensionRoute = `/web-extension-resource`;
+ 	}
+ 
+ 	/**
+@@ -312,14 +312,7 @@ export class WebClientServer {
+ 				codeServerVersion: this._productService.codeServerVersion,
+ 				rootEndpoint: base,
+ 				embedderIdentifier: 'server-distro',
+-				extensionsGallery: this._webExtensionResourceUrlTemplate ? {
+-					...this._productService.extensionsGallery,
+-					'resourceUrlTemplate': this._webExtensionResourceUrlTemplate.with({
+-						scheme: 'http',
+-						authority: remoteAuthority,
+-						path: `${this._webExtensionRoute}/${this._webExtensionResourceUrlTemplate.authority}${this._webExtensionResourceUrlTemplate.path}`
+-					}).toString(true)
+-				} : undefined
++				extensionsGallery: this._productService.extensionsGallery,
+ 			},
+ 			callbackRoute: this._callbackRoute
+ 		};
+Index: code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
++++ code-server/lib/vscode/src/vs/workbench/services/extensionResourceLoader/common/extensionResourceLoader.ts
+@@ -16,7 +16,6 @@ import { getServiceMachineId } from 'vs/
+ import { IStorageService } from 'vs/platform/storage/common/storage';
+ import { TelemetryLevel } from 'vs/platform/telemetry/common/telemetry';
+ import { getTelemetryLevel, supportsTelemetry } from 'vs/platform/telemetry/common/telemetryUtils';
+-import { getRemoteServerRootPath } from 'vs/platform/remote/common/remoteHosts';
+ 
+ export const WEB_EXTENSION_RESOURCE_END_POINT = 'web-extension-resource';
+ 
+@@ -60,7 +59,7 @@ export abstract class AbstractExtensionR
+ 		private readonly _environmentService: IEnvironmentService,
+ 		private readonly _configurationService: IConfigurationService,
+ 	) {
+-		this._webExtensionResourceEndPoint = `${getRemoteServerRootPath(_productService)}/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
++		this._webExtensionResourceEndPoint = `/${WEB_EXTENSION_RESOURCE_END_POINT}/`;
+ 		if (_productService.extensionsGallery) {
+ 			this._extensionGalleryResourceUrlTemplate = _productService.extensionsGallery.resourceUrlTemplate;
+ 			this._extensionGalleryAuthority = this._extensionGalleryResourceUrlTemplate ? this._getExtensionGalleryAuthority(URI.parse(this._extensionGalleryResourceUrlTemplate)) : undefined;

patches/parent-origin.diff

@@ -0,0 +1,24 @@
+Remove parentOriginHash checko
+
+This fixes webviews from not working properly due to a change upstream.
+Upstream added a check to ensure parent authority is encoded into the webview
+origin. Since our webview origin is the parent authority, we can bypass this
+check.
+
+Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
++++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/main.js
+@@ -317,6 +317,12 @@ const hostMessaging = new class HostMess
+ 		const id = searchParams.get('id');
+ 
+ 		const hostname = location.hostname;
++
++		// It is safe to run if we are on the same host.
++		const parent = new URL(parentOrigin)
++		if (parent.hostname == location.hostname) {
++			return start(parentOrigin)
++		}
+ 
+ 		if (!crypto.subtle) {
+ 			// cannot validate, not running in a secure context

patches/proposed-api.diff

@@ -0,0 +1,36 @@
+Unconditionally enable the proposed API
+
+To test run an extension that uses the proposed API.
+
+We also override isProposedApiEnabled in case an extension does not declare the
+APIs it needs correctly (the Jupyter extension had this issue).
+
+Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/abstractExtensionService.ts
+@@ -1460,7 +1460,7 @@ class ProposedApiController {
+ 
+ 		this._envEnabledExtensions = new Set((_environmentService.extensionEnabledProposedApi ?? []).map(id => ExtensionIdentifier.toKey(id)));
+ 
+-		this._envEnablesProposedApiForAll =
++		this._envEnablesProposedApiForAll = true ||
+ 			!_environmentService.isBuilt || // always allow proposed API when running out of sources
+ 			(_environmentService.isExtensionDevelopment && productService.quality !== 'stable') || // do not allow proposed API against stable builds when developing an extension
+ 			(this._envEnabledExtensions.size === 0 && Array.isArray(_environmentService.extensionEnabledProposedApi)); // always allow proposed API if --enable-proposed-api is provided without extension ID
+Index: code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
++++ code-server/lib/vscode/src/vs/workbench/services/extensions/common/extensions.ts
+@@ -359,10 +359,7 @@ function extensionDescriptionArrayToMap(
+ }
+ 
+ export function isProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): boolean {
+-	if (!extension.enabledApiProposals) {
+-		return false;
+-	}
+-	return extension.enabledApiProposals.includes(proposal);
++	return true
+ }
+ 
+ export function checkProposedApiEnabled(extension: IExtensionDescription, proposal: ApiProposalName): void {

patches/proxy-uri.diff

@@ -0,0 +1,100 @@
+Add VSCODE_PROXY_URI environment variable
+
+This can be used by extensions to open a port and access it through the proxy.
+
+It is available in the terminal as well.
+
+This can be tested using printenv in the terminal and by using the
+codeServerTest.proxyUri command through the test extension (copy it into your
+extensions, use --extensions-dir, or symlink it).
+
+This has e2e tests.
+
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -35,6 +35,7 @@ export interface IProductConfiguration {
+ 	readonly rootEndpoint?: string
+ 	readonly updateEndpoint?: string
+ 	readonly logoutEndpoint?: string
++	readonly proxyEndpointTemplate?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
++++ code-server/lib/vscode/src/vs/platform/remote/browser/remoteAuthorityResolverService.ts
+@@ -8,7 +8,7 @@ import { Disposable } from 'vs/base/comm
+ import { RemoteAuthorities } from 'vs/base/common/network';
+ import { URI } from 'vs/base/common/uri';
+ import { IProductService } from 'vs/platform/product/common/productService';
+-import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolverResult } from 'vs/platform/remote/common/remoteAuthorityResolver';
++import { IRemoteAuthorityResolverService, IRemoteConnectionData, ResolvedAuthority, ResolvedOptions, ResolverResult } from 'vs/platform/remote/common/remoteAuthorityResolver';
+ import { getRemoteServerRootPath, parseAuthorityWithOptionalPort } from 'vs/platform/remote/common/remoteHosts';
+ 
+ export class RemoteAuthorityResolverService extends Disposable implements IRemoteAuthorityResolverService {
+@@ -22,7 +22,7 @@ export class RemoteAuthorityResolverServ
+ 	private readonly _connectionToken: string | undefined;
+ 	private readonly _connectionTokens: Map<string, string>;
+ 
+-	constructor(@IProductService productService: IProductService, connectionToken: string | undefined, resourceUriProvider: ((uri: URI) => URI) | undefined) {
++	constructor(@IProductService productService: IProductService, connectionToken: string | undefined, resourceUriProvider: ((uri: URI) => URI) | undefined, private readonly proxyEndpointTemplate?: string) {
+ 		super();
+ 		this._cache = new Map<string, ResolverResult>();
+ 		this._connectionToken = connectionToken;
+@@ -62,9 +62,14 @@ export class RemoteAuthorityResolverServ
+ 
+ 	private _doResolveAuthority(authority: string): ResolverResult {
+ 		const connectionToken = this._connectionTokens.get(authority) || this._connectionToken;
++		let options: ResolvedOptions | undefined;
++		if (this.proxyEndpointTemplate) {
++			const proxyUrl = new URL(this.proxyEndpointTemplate, window.location.href);
++			options = { extensionHostEnv: { VSCODE_PROXY_URI: decodeURIComponent(proxyUrl.toString()) }}
++		}
+ 		const defaultPort = (/^https:/.test(window.location.href) ? 443 : 80);
+ 		const { host, port } = parseAuthorityWithOptionalPort(authority, defaultPort);
+-		return { authority: { authority, host: host, port: port, connectionToken } };
++		return { authority: { authority, host: host, port: port, connectionToken }, options };
+ 	}
+ 
+ 	_clearResolvedAuthority(authority: string): void {
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -314,6 +314,7 @@ export class WebClientServer {
+ 				rootEndpoint: base,
+ 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
+ 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
++				proxyEndpointTemplate: base + '/proxy/{{port}}',
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},
+Index: code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/web.main.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/web.main.ts
+@@ -239,7 +239,7 @@ export class BrowserMain extends Disposa
+ 
+ 		// Remote
+ 		const connectionToken = environmentService.options.connectionToken || getCookieValue(connectionTokenCookieName);
+-		const remoteAuthorityResolverService = new RemoteAuthorityResolverService(productService, connectionToken, this.configuration.resourceUriProvider);
++		const remoteAuthorityResolverService = new RemoteAuthorityResolverService(productService, connectionToken, this.configuration.resourceUriProvider, this.configuration.productConfiguration?.proxyEndpointTemplate);
+ 		serviceCollection.set(IRemoteAuthorityResolverService, remoteAuthorityResolverService);
+ 
+ 		// Signing
+Index: code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
++++ code-server/lib/vscode/src/vs/workbench/contrib/terminal/common/terminalEnvironment.ts
+@@ -388,7 +388,7 @@ export async function createTerminalEnvi
+ 
+ 		// Sanitize the environment, removing any undesirable VS Code and Electron environment
+ 		// variables
+-		sanitizeProcessEnvironment(env, 'VSCODE_IPC_HOOK_CLI');
++		sanitizeProcessEnvironment(env, 'VSCODE_IPC_HOOK_CLI', 'VSCODE_PROXY_URI');
+ 
+ 		// Merge config (settings) and ShellLaunchConfig environments
+ 		mergeEnvironments(env, allowedEnvFromConfig);

patches/series

@@ -0,0 +1,23 @@
+integration.diff
+base-path.diff
+proposed-api.diff
+marketplace.diff
+webview.diff
+disable-builtin-ext-update.diff
+insecure-notification.diff
+update-check.diff
+logout.diff
+store-socket.diff
+proxy-uri.diff
+github-auth.diff
+unique-db.diff
+log-level.diff
+local-storage.diff
+service-worker.diff
+connection-type.diff
+sourcemaps.diff
+disable-downloads.diff
+telemetry.diff
+display-language.diff
+cli-window-open.diff
+heartbeat.diff

patches/service-worker.diff

@@ -0,0 +1,67 @@
+Add a service worker
+
+To test try installing code-server as a PWA.
+
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -36,6 +36,10 @@ export interface IProductConfiguration {
+ 	readonly updateEndpoint?: string
+ 	readonly logoutEndpoint?: string
+ 	readonly proxyEndpointTemplate?: string
++	readonly serviceWorker?: {
++		readonly path: string;
++		readonly scope: string;
++	}
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -319,6 +319,10 @@ export class WebClientServer {
+ 				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
+ 				logoutEndpoint: this._environmentService.args['auth'] && this._environmentService.args['auth'] !== "none" ? base + '/logout' : undefined,
+ 				proxyEndpointTemplate: base + '/proxy/{{port}}',
++				serviceWorker: {
++					scope: vscodeBase + '/',
++					path: base + '/_static/out/browser/serviceWorker.js',
++				},
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},
+Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
+@@ -90,6 +90,10 @@ export class CodeServerClient extends Di
+ 		if (this.productService.logoutEndpoint) {
+ 			this.addLogoutCommand(this.productService.logoutEndpoint);
+ 		}
++
++		if (this.productService.serviceWorker) {
++			await this.registerServiceWorker(this.productService.serviceWorker);
++		}
+ 	}
+ 
+ 	private checkUpdates(updateEndpoint: string) {
+@@ -162,4 +166,17 @@ export class CodeServerClient extends Di
+ 			});
+ 		}
+ 	}
++
++	private async registerServiceWorker(serviceWorker: { path: string; scope: string }) {
++		if (typeof navigator !== 'undefined' && 'serviceWorker' in navigator) {
++			try {
++				await navigator.serviceWorker.register(serviceWorker.path, {
++					scope: serviceWorker.scope,
++				});
++				this.logService.info('[Service Worker] registered');
++			} catch (error: any) {
++				this.logService.error('[Service Worker] registration', error as Error);
++			}
++		}
++	}
+ }

patches/sourcemaps.diff

@@ -0,0 +1,43 @@
+Make sourcemaps self-hosted
+
+Normally source maps get removed as part of the build process so prevent that
+from happening.  Also avoid using the windows.net host since obviously we can
+not host our source maps there and want them to be self-hosted even if we could.
+
+To test try debugging/browsing the source of a build in a browser.
+
+Index: code-server/lib/vscode/build/gulpfile.reh.js
+===================================================================
+--- code-server.orig/lib/vscode/build/gulpfile.reh.js
++++ code-server/lib/vscode/build/gulpfile.reh.js
+@@ -194,8 +194,7 @@ function packageTask(type, platform, arc
+ 
+ 		const src = gulp.src(sourceFolderName + '/**', { base: '.' })
+ 			.pipe(rename(function (path) { path.dirname = path.dirname.replace(new RegExp('^' + sourceFolderName), 'out'); }))
+-			.pipe(util.setExecutableBit(['**/*.sh']))
+-			.pipe(filter(['**', '!**/*.js.map']));
++			.pipe(util.setExecutableBit(['**/*.sh']));
+ 
+ 		const workspaceExtensionPoints = ['debuggers', 'jsonValidation'];
+ 		const isUIExtension = (manifest) => {
+@@ -234,9 +233,9 @@ function packageTask(type, platform, arc
+ 			.map(name => `.build/extensions/${name}/**`);
+ 
+ 		const extensions = gulp.src(extensionPaths, { base: '.build', dot: true });
+-		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true });
+-		const sources = es.merge(src, extensions, extensionsCommonDependencies)
++		const extensionsCommonDependencies = gulp.src('.build/extensions/node_modules/**', { base: '.build', dot: true })
+ 			.pipe(filter(['**', '!**/*.js.map'], { dot: true }));
++		const sources = es.merge(src, extensions, extensionsCommonDependencies);
+ 
+ 		let version = packageJson.version;
+ 		const quality = product.quality;
+@@ -371,7 +370,7 @@ function tweakProductForServerWeb(produc
+ 	const minifyTask = task.define(`minify-vscode-${type}`, task.series(
+ 		optimizeTask,
+ 		util.rimraf(`out-vscode-${type}-min`),
+-		common.minifyTask(`out-vscode-${type}`, `https://ticino.blob.core.windows.net/sourcemaps/${commit}/core`)
++		common.minifyTask(`out-vscode-${type}`, '')
+ 	));
+ 	gulp.task(minifyTask);
+ 

patches/store-socket.diff

@@ -0,0 +1,37 @@
+Store a static reference to the IPC socket
+
+This lets us use it to open files inside code-server from outside of
+code-server.
+
+To test this:
+1. run code-server
+2. open file outside of code-server i.e. `code-server <path-to-file`
+
+It should open in your existing code-server instance.
+
+Index: code-server/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
++++ code-server/lib/vscode/src/vs/workbench/api/node/extHostExtensionService.ts
+@@ -2,7 +2,9 @@
+  *  Copyright (c) Microsoft Corporation. All rights reserved.
+  *  Licensed under the MIT License. See License.txt in the project root for license information.
+  *--------------------------------------------------------------------------------------------*/
+-
++import { promises as fs } from 'fs';
++import * as os from 'os'
++import * as path from 'vs/base/common/path';
+ import * as performance from 'vs/base/common/performance';
+ import { createApiFactoryAndRegisterActors } from 'vs/workbench/api/common/extHost.api.impl';
+ import { RequireInterceptor } from 'vs/workbench/api/common/extHostRequireInterceptor';
+@@ -72,6 +74,10 @@ export class ExtHostExtensionService ext
+ 		if (this._initData.remote.isRemote && this._initData.remote.authority) {
+ 			const cliServer = this._instaService.createInstance(CLIServer);
+ 			process.env['VSCODE_IPC_HOOK_CLI'] = cliServer.ipcHandlePath;
++
++			fs.writeFile(path.join(os.tmpdir(), 'vscode-ipc'), cliServer.ipcHandlePath).catch((error) => {
++				this._logService.error(error);
++			});
+ 		}
+ 
+ 		// Module loading tricks

patches/telemetry.diff

@@ -0,0 +1,147 @@
+Add support for telemetry endpoint
+
+Index: code-server/lib/vscode/src/vs/server/node/serverServices.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverServices.ts
++++ code-server/lib/vscode/src/vs/server/node/serverServices.ts
+@@ -71,6 +71,7 @@ import { IExtensionsScannerService } fro
+ import { ExtensionsScannerService } from 'vs/server/node/extensionsScannerService';
+ import { ExtensionsProfileScannerService, IExtensionsProfileScannerService } from 'vs/platform/extensionManagement/common/extensionsProfileScannerService';
+ import { IUserDataProfilesService, UserDataProfilesService } from 'vs/platform/userDataProfile/common/userDataProfile';
++import { TelemetryClient } from "vs/server/node/telemetryClient";
+ import { NullPolicyService } from 'vs/platform/policy/common/policy';
+ import { OneDataSystemAppender } from 'vs/platform/telemetry/node/1dsAppender';
+ 
+@@ -133,10 +134,13 @@ export async function setupServerService
+ 	const machineId = await getMachineId();
+ 	const isInternal = isInternalTelemetry(productService, configurationService);
+ 	if (supportsTelemetry(productService, environmentService)) {
+-		if (productService.aiConfig && productService.aiConfig.ariaKey) {
++		const telemetryEndpoint = process.env.CS_TELEMETRY_URL || "https://v1.telemetry.coder.com/track";
++		if (telemetryEndpoint) {
++			oneDsAppender = new OneDataSystemAppender(false, eventPrefix, null, () => new TelemetryClient(telemetryEndpoint));
++		} else if (productService.aiConfig && productService.aiConfig.ariaKey) {
+ 			oneDsAppender = new OneDataSystemAppender(isInternal, eventPrefix, null, productService.aiConfig.ariaKey);
+-			disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
+ 		}
++		disposables.add(toDisposable(() => oneDsAppender?.flush())); // Ensure the AI appender is disposed so that it flushes remaining data
+ 
+ 		const config: ITelemetryServiceConfig = {
+ 			appenders: [oneDsAppender],
+Index: code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
+===================================================================
+--- /dev/null
++++ code-server/lib/vscode/src/vs/server/node/telemetryClient.ts
+@@ -0,0 +1,49 @@
++import { AppInsightsCore, IExtendedTelemetryItem, ITelemetryItem } from '@microsoft/1ds-core-js';
++import * as https from 'https';
++import * as http from 'http';
++import * as os from 'os';
++
++export class TelemetryClient extends AppInsightsCore {
++	public constructor(private readonly endpoint: string) {
++		super();
++	}
++
++	public override track(item: IExtendedTelemetryItem | ITelemetryItem): void {
++		const options = item.baseData || {}
++		if (!options.properties) {
++			options.properties = {};
++		}
++		if (!options.measurements) {
++			options.measurements = {};
++		}
++
++		try {
++			const cpus = os.cpus();
++			options.measurements.cores = cpus.length;
++			options.properties['common.cpuModel'] = cpus[0].model;
++		} catch (error) {}
++
++		try {
++			options.measurements.memoryFree = os.freemem();
++			options.measurements.memoryTotal = os.totalmem();
++		} catch (error) {}
++
++		try {
++			options.properties['common.shell'] = os.userInfo().shell;
++			options.properties['common.release'] = os.release();
++			options.properties['common.arch'] = os.arch();
++		} catch (error) {}
++
++		try {
++			const request = (/^http:/.test(this.endpoint) ? http : https).request(this.endpoint, {
++				method: 'POST',
++				headers: {
++					'Content-Type': 'application/json',
++				},
++			});
++			request.on('error', () => { /* We don't care. */ });
++			request.write(JSON.stringify(options));
++			request.end();
++		} catch (error) {}
++	}
++}
+Index: code-server/lib/vscode/src/vs/workbench/services/telemetry/browser/telemetryService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/telemetry/browser/telemetryService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/telemetry/browser/telemetryService.ts
+@@ -38,26 +38,30 @@ export class TelemetryService extends Di
+ 	) {
+ 		super();
+ 
+-		if (supportsTelemetry(productService, environmentService) && productService.aiConfig?.ariaKey) {
++		if (supportsTelemetry(productService, environmentService)) {
+ 			// If remote server is present send telemetry through that, else use the client side appender
+ 			const appenders = [];
+ 			const isInternal = isInternalTelemetry(productService, configurationService);
+-			const telemetryProvider: ITelemetryAppender = remoteAgentService.getConnection() !== null ? { log: remoteAgentService.logTelemetry.bind(remoteAgentService), flush: remoteAgentService.flushTelemetry.bind(remoteAgentService) } : new OneDataSystemWebAppender(isInternal, 'monacoworkbench', null, productService.aiConfig?.ariaKey);
+-			appenders.push(telemetryProvider);
+-			appenders.push(new TelemetryLogAppender(loggerService, environmentService));
+-			const config: ITelemetryServiceConfig = {
+-				appenders,
+-				commonProperties: resolveWorkbenchCommonProperties(storageService, productService.commit, productService.version, isInternal, environmentService.remoteAuthority, productService.embedderIdentifier, productService.removeTelemetryMachineId, environmentService.options && environmentService.options.resolveCommonTelemetryProperties),
+-				sendErrorTelemetry: this.sendErrorTelemetry,
+-			};
+-			this.impl = this._register(new BaseTelemetryService(config, configurationService, productService));
++			const telemetryProvider: ITelemetryAppender | undefined = remoteAgentService.getConnection() !== null ? { log: remoteAgentService.logTelemetry.bind(remoteAgentService), flush: remoteAgentService.flushTelemetry.bind(remoteAgentService) } : productService.aiConfig?.ariaKey ? new OneDataSystemWebAppender(isInternal, 'monacoworkbench', null, productService.aiConfig?.ariaKey) : undefined;
++			if (telemetryProvider) {
++				appenders.push(telemetryProvider);
++				appenders.push(new TelemetryLogAppender(loggerService, environmentService));
++				const config: ITelemetryServiceConfig = {
++					appenders,
++					commonProperties: resolveWorkbenchCommonProperties(storageService, productService.commit, productService.version, isInternal, environmentService.remoteAuthority, productService.embedderIdentifier, productService.removeTelemetryMachineId, environmentService.options && environmentService.options.resolveCommonTelemetryProperties),
++					sendErrorTelemetry: this.sendErrorTelemetry,
++				};
++				this.impl = this._register(new BaseTelemetryService(config, configurationService, productService));
+ 
+-			if (getTelemetryLevel(configurationService) !== TelemetryLevel.NONE) {
+-				// If we cannot fetch the endpoint it means it is down and we should not send any telemetry.
+-				// This is most likely due to ad blockers
+-				fetch(telemetryEndpointUrl, { method: 'POST' }).catch(err => {
+-					this.impl = NullTelemetryService;
+-				});
++				if (remoteAgentService.getConnection() === null && getTelemetryLevel(configurationService) !== TelemetryLevel.NONE) {
++					// If we cannot fetch the endpoint it means it is down and we should not send any telemetry.
++					// This is most likely due to ad blockers
++					fetch(telemetryEndpointUrl, { method: 'POST' }).catch(err => {
++						this.impl = NullTelemetryService;
++					});
++				}
++			} else {
++				this.impl = NullTelemetryService;
+ 			}
+ 		} else {
+ 			this.impl = NullTelemetryService;
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -324,6 +324,7 @@ export class WebClientServer {
+ 					scope: vscodeBase + '/',
+ 					path: base + '/_static/out/browser/serviceWorker.js',
+ 				},
++				enableTelemetry: this._productService.enableTelemetry,
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},

patches/unique-db.diff

@@ -0,0 +1,67 @@
+Prevent state collisions
+
+Previously if you opened different workspaces that had the same filesystem path
+(for example if you have /home/coder on two different machines that are both
+accessed through the same host) they would conflict with each other.  This
+ensures that different browser paths will be unique (for example /workspace1 and
+/workspace2).
+
+The easiest way to test is to open files in the same workspace using both / and
+/vscode and make sure they are not interacting with each other.
+
+It should also migrate old databases which can be tested by opening in an old
+code-server.
+
+This has e2e tests.
+
+Index: code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/storage/browser/storageService.ts
+@@ -17,6 +17,7 @@ import { AbstractStorageService, isProfi
+ import { IUserDataProfile } from 'vs/platform/userDataProfile/common/userDataProfile';
+ import { IAnyWorkspaceIdentifier } from 'vs/platform/workspace/common/workspace';
+ import { IUserDataProfileService } from 'vs/workbench/services/userDataProfile/common/userDataProfile';
++import { hash } from 'vs/base/common/hash';
+ 
+ export class BrowserStorageService extends AbstractStorageService {
+ 
+@@ -67,7 +68,11 @@ export class BrowserStorageService exten
+ 					return `global-${this.profileStorageProfile.id}`;
+ 				}
+ 			case StorageScope.WORKSPACE:
+-				return this.payload.id;
++				// Add a unique ID based on the current path for per-workspace databases.
++				// This prevents workspaces on different machines that share the same domain
++				// and file path from colliding (since it does not appear IndexedDB can be
++				// scoped to a path) as long as they are hosted on different paths.
++				return this.payload.id + '-' + hash(location.pathname.toString().replace(/\/$/, "")).toString(16);
+ 		}
+ 	}
+ 
+@@ -141,6 +146,25 @@ export class BrowserStorageService exten
+ 
+ 		await this.workspaceStorage.init();
+ 
++		const firstWorkspaceOpen = this.workspaceStorage.getBoolean(IS_NEW_KEY);
++		if (firstWorkspaceOpen === undefined) {
++			// Migrate the old database.
++			let db: IIndexedDBStorageDatabase | undefined
++			try {
++				db = await IndexedDBStorageDatabase.create({ id: this.payload.id }, this.logService)
++				const items = await db.getItems()
++				for (const [key, value] of items) {
++					this.workspaceStorage.set(key, value);
++				}
++			} catch (error) {
++				this.logService.error(`[IndexedDB Storage ${this.payload.id}] migrate error: ${toErrorMessage(error)}`);
++			} finally {
++				if (db) {
++					db.close()
++				}
++			}
++		}
++
+ 		this.updateIsNew(this.workspaceStorage);
+ 	}
+ 

patches/update-check.diff

@@ -0,0 +1,137 @@
+Add a notification that lets you know when an update is out
+
+The easiest way to test this is probably to change the version in your
+package.json and delete the last notification storage item.
+
+1. change version in root `package.json`
+2. Open DevTools > Application > Storage (top-level)
+3. Click "Clear site data"
+4. See update notification
+
+Index: code-server/lib/vscode/src/vs/workbench/browser/client.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/browser/client.ts
++++ code-server/lib/vscode/src/vs/workbench/browser/client.ts
+@@ -1,10 +1,16 @@
+ import { Disposable } from 'vs/base/common/lifecycle';
+ import { localize } from 'vs/nls';
++import { ILogService } from 'vs/platform/log/common/log';
+ import { INotificationService, Severity } from 'vs/platform/notification/common/notification';
++import { IProductService } from 'vs/platform/product/common/productService';
++import { IStorageService, StorageScope, StorageTarget } from 'vs/platform/storage/common/storage';
+ 
+ export class CodeServerClient extends Disposable {
+ 	constructor (
++		@ILogService private logService: ILogService,
+ 		@INotificationService private notificationService: INotificationService,
++		@IProductService private productService: IProductService,
++		@IStorageService private storageService: IStorageService,
+ 	) {
+ 		super();
+ 	}
+@@ -72,5 +78,59 @@ export class CodeServerClient extends Di
+ 				},
+ 			});
+ 		}
++
++		if (this.productService.updateEndpoint) {
++			this.checkUpdates(this.productService.updateEndpoint)
++		}
++	}
++
++	private checkUpdates(updateEndpoint: string) {
++		const getUpdate = async (updateCheckEndpoint: string): Promise<void> => {
++			this.logService.debug('Checking for update...');
++
++			const response = await fetch(updateCheckEndpoint, {
++				headers: { Accept: 'application/json' },
++			});
++			if (!response.ok) {
++				throw new Error(response.statusText);
++			}
++			const json = await response.json();
++			if (json.error) {
++				throw new Error(json.error);
++			}
++			if (json.isLatest) {
++				return;
++			}
++
++			const lastNoti = this.storageService.getNumber('csLastUpdateNotification', StorageScope.APPLICATION);
++			if (lastNoti) {
++				// Only remind them again after 1 week.
++				const timeout = 1000 * 60 * 60 * 24 * 7;
++				const threshold = lastNoti + timeout;
++				if (Date.now() < threshold) {
++					return;
++				}
++			}
++
++			this.storageService.store('csLastUpdateNotification', Date.now(), StorageScope.APPLICATION, StorageTarget.MACHINE);
++
++			this.notificationService.notify({
++				severity: Severity.Info,
++				message: `[code-server v${json.latest}](https://github.com/cdr/code-server/releases/tag/v${json.latest}) has been released!`,
++			});
++		};
++
++		const updateLoop = (): void => {
++			getUpdate(updateEndpoint)
++				.catch(error => {
++					this.logService.debug(`failed to check for update: ${error}`);
++				})
++				.finally(() => {
++					// Check again every 6 hours.
++					setTimeout(updateLoop, 1000 * 60 * 60 * 6);
++				});
++		};
++
++		updateLoop();
+ 	}
+ }
+Index: code-server/lib/vscode/src/vs/base/common/product.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/base/common/product.ts
++++ code-server/lib/vscode/src/vs/base/common/product.ts
+@@ -33,6 +33,7 @@ export type ExtensionVirtualWorkspaceSup
+ export interface IProductConfiguration {
+ 	readonly codeServerVersion?: string
+ 	readonly rootEndpoint?: string
++	readonly updateEndpoint?: string
+ 
+ 	readonly version: string;
+ 	readonly date?: string;
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -312,6 +312,7 @@ export class WebClientServer {
+ 			productConfiguration: <Partial<IProductConfiguration>>{
+ 				codeServerVersion: this._productService.codeServerVersion,
+ 				rootEndpoint: base,
++				updateEndpoint: !this._environmentService.args['disable-update-check'] ? base + '/update/check' : undefined,
+ 				embedderIdentifier: 'server-distro',
+ 				extensionsGallery: this._productService.extensionsGallery,
+ 			},
+Index: code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
++++ code-server/lib/vscode/src/vs/server/node/serverEnvironmentService.ts
+@@ -11,6 +11,8 @@ import { refineServiceDecorator } from '
+ import { IEnvironmentService, INativeEnvironmentService } from 'vs/platform/environment/common/environment';
+ 
+ export const serverOptions: OptionDescriptions<ServerParsedArgs> = {
++	/* ----- code-server ----- */
++	'disable-update-check': { type: 'boolean' },
+ 
+ 	/* ----- server setup ----- */
+ 
+@@ -89,6 +91,8 @@ export const serverOptions: OptionDescri
+ };
+ 
+ export interface ServerParsedArgs {
++	/* ----- code-server ----- */
++	'disable-update-check'?: boolean;
+ 
+ 	/* ----- server setup ----- */
+ 

patches/webview.diff

@@ -0,0 +1,117 @@
+Serve webviews from the same origin
+
+Normally webviews are served from vscode-webview.net but we would rather them be
+self-hosted.
+
+When doing this CSP will block resources (for example when viewing images) so
+add 'self' to the CSP to fix that.
+
+Additionally the service worker defaults to handling *all* requests made to the
+current host but when self-hosting the webview this will end up including the
+webview HTML itself which means these requests will fail since the communication
+channel between the webview and the main thread has not been set up yet as the
+webview itself is not ready yet (it has no HTML and therefore no script either).
+Since this code exists only for the authentication case we can just skip it when
+it is served from the current host as authentication is not a problem if the
+request is not cross-origin.
+
+There is also an origin check we bypass (this seems to be related to how the
+webview host is separate by default but we serve on the same host).
+
+To test, open a few types of webviews (images, markdown, extension details, etc).
+
+Index: code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
++++ code-server/lib/vscode/src/vs/workbench/services/environment/browser/environmentService.ts
+@@ -177,7 +177,7 @@ export class BrowserWorkbenchEnvironment
+ 
+ 	@memoize
+ 	get webviewExternalEndpoint(): string {
+-		const endpoint = this.options.webviewEndpoint
++		const endpoint = (this.options.webviewEndpoint && new URL(this.options.webviewEndpoint, window.location.toString()).toString())
+ 			|| this.productService.webviewContentExternalBaseUrlTemplate
+ 			|| 'https://{{uuid}}.vscode-cdn.net/{{quality}}/{{commit}}/out/vs/workbench/contrib/webview/browser/pre/';
+ 
+Index: code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/server/node/webClientServer.ts
++++ code-server/lib/vscode/src/vs/server/node/webClientServer.ts
+@@ -302,6 +302,7 @@ export class WebClientServer {
+ 
+ 		const workbenchWebConfiguration = {
+ 			remoteAuthority,
++			webviewEndpoint: vscodeBase + this._staticRoute + '/out/vs/workbench/contrib/webview/browser/pre',
+ 			_wrapWebWorkerExtHostInIframe,
+ 			developmentOptions: { enableSmokeTestDriver: this._environmentService.args['enable-smoke-test-driver'] ? true : undefined },
+ 			settingsSyncOptions: !this._environmentService.isBuilt && this._environmentService.args['enable-sync'] ? { enabled: true } : undefined,
+Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
++++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
+@@ -5,7 +5,7 @@
+ 	<meta charset="UTF-8">
+ 
+ 	<meta http-equiv="Content-Security-Policy"
+-		content="default-src 'none'; script-src 'sha256-JpX/ganPoxpavjxWCz9DUZgwVZ59o2lwSYTQrziPsdU=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
++		content="default-src 'none'; script-src 'sha256-BRi/ZOLWtsisl3jAheglVzKmoA1T6n2Mmf2NM4UnIXE=' 'self'; frame-src 'self'; style-src 'unsafe-inline';">
+ 
+ 	<!-- Disable pinch zooming -->
+ 	<meta name="viewport"
+@@ -331,6 +331,12 @@
+ 
+ 				const hostname = location.hostname;
+ 
++				// It is safe to run if we are on the same host.
++				const parent = new URL(parentOrigin)
++				if (parent.hostname === hostname) {
++					return start(parentOrigin)
++				}
++
+ 				if (!crypto.subtle) {
+ 					// cannot validate, not running in a secure context
+ 					throw new Error(`Cannot validate in current context!`);
+Index: code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
++++ code-server/lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index-no-csp.html
+@@ -330,6 +330,12 @@
+ 
+ 				const hostname = location.hostname;
+ 
++				// It is safe to run if we are on the same host.
++				const parent = new URL(parentOrigin)
++				if (parent.hostname === hostname) {
++					return start(parentOrigin)
++				}
++
+ 				if (!crypto.subtle) {
+ 					// cannot validate, not running in a secure context
+ 					throw new Error(`Cannot validate in current context!`);
+Index: code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+===================================================================
+--- code-server.orig/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
++++ code-server/lib/vscode/src/vs/workbench/services/extensions/worker/webWorkerExtensionHostIframe.html
+@@ -4,7 +4,7 @@
+ 		<meta http-equiv="Content-Security-Policy" content="
+ 			default-src 'none';
+ 			child-src 'self' data: blob:;
+-			script-src 'self' 'unsafe-eval' 'sha256-/r7rqQ+yrxt57sxLuQ6AMYcy/lUpvAIzHjIJt/OeLWU=' https:;
++			script-src 'self' 'unsafe-eval' 'sha256-TkIM/TmudlFEe0ZRp0ptvN54LClwk30Rql4ZPE0hm/I=' https:;
+ 			connect-src 'self' https: wss: http://localhost:* http://127.0.0.1:* ws://localhost:* ws://127.0.0.1:*;"/>
+ 	</head>
+ 	<body>
+@@ -23,6 +23,13 @@
+ 			// validation not requested
+ 			return start();
+ 		}
++
++		// It is safe to run if we are on the same host.
++		const parent = new URL(parentOrigin)
++		if (parent.hostname === hostname) {
++			return start()
++		}
++
+ 		if (!crypto.subtle) {
+ 			// cannot validate, not running in a secure context
+ 			return sendError(new Error(`Cannot validate in current context!`));

renovate.json

@@ -10,5 +10,6 @@
   ],
   "vulnerabilityAlerts": {
     "enabled": "true"
-  }
+  },
+  "ignoreDeps": ["express"]
 }

src/browser/serviceWorker.ts

@@ -0,0 +1,14 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+self.addEventListener("install", () => {
+  console.debug("[Service Worker] installed")
+})
+
+self.addEventListener("activate", (event: any) => {
+  event.waitUntil((self as any).clients.claim())
+  console.debug("[Service Worker] activated")
+})
+
+self.addEventListener("fetch", () => {
+  // Without this event handler we won't be recognized as a PWA.
+})

src/common/util.ts

@@ -1,12 +1,3 @@
-/**
- * Split a string up to the delimiter. If the delimiter doesn't exist the first
- * item will have all the text and the second item will be an empty string.
- */
-export const split = (str: string, delimiter: string): [string, string] => {
-  const index = str.indexOf(delimiter)
-  return index !== -1 ? [str.substring(0, index).trim(), str.substring(index + 1)] : [str, ""]
-}
-
 /**
  * Appends an 's' to the provided string if count is greater than one;
  * otherwise the string is returned
@@ -34,27 +25,6 @@ export const normalize = (url: string, keepTrailing = false): string => {
   return url.replace(/\/\/+/g, "/").replace(/\/+$/, keepTrailing ? "/" : "")
 }
 
-/**
- * Remove leading and trailing slashes.
- */
-export const trimSlashes = (url: string): string => {
-  return url.replace(/^\/+|\/+$/g, "")
-}
-
-/**
- * Wrap the value in an array if it's not already an array. If the value is
- * undefined return an empty array.
- */
-export const arrayify = <T>(value?: T | T[]): T[] => {
-  if (Array.isArray(value)) {
-    return value
-  }
-  if (typeof value === "undefined") {
-    return []
-  }
-  return [value]
-}
-
 // TODO: Might make sense to add Error handling to the logger itself.
 export function logError(logger: { error: (msg: string) => void }, prefix: string, err: unknown): void {
   if (err instanceof Error) {

src/node/app.ts

@@ -22,40 +22,35 @@ export interface App extends Disposable {
   server: http.Server
 }
 
-const listen = (server: http.Server, { host, port, socket, "socket-mode": mode }: ListenOptions) => {
-  return new Promise<void>(async (resolve, reject) => {
+export const listen = async (server: http.Server, { host, port, socket, "socket-mode": mode }: ListenOptions) => {
+  if (socket) {
+    try {
+      await fs.unlink(socket)
+    } catch (error: any) {
+      handleArgsSocketCatchError(error)
+    }
+  }
+  await new Promise<void>(async (resolve, reject) => {
     server.on("error", reject)
-
     const onListen = () => {
       // Promise resolved earlier so this is an unrelated error.
       server.off("error", reject)
       server.on("error", (err) => util.logError(logger, "http server error", err))
-
-      if (socket && mode) {
-        fs.chmod(socket, mode)
-          .then(resolve)
-          .catch((err) => {
-            util.logError(logger, "socket chmod", err)
-            reject(err)
-          })
-      } else {
-        resolve()
-      }
+      resolve()
     }
-
     if (socket) {
-      try {
-        await fs.unlink(socket)
-      } catch (error: any) {
-        handleArgsSocketCatchError(error)
-      }
-
       server.listen(socket, onListen)
     } else {
       // [] is the correct format when using :: but Node errors with them.
       server.listen(port, host.replace(/^\[|\]$/g, ""), onListen)
     }
   })
+
+  // NOTE@jsjoeio: we need to chmod after the server is finished
+  // listening. Otherwise, the socket may not have been created yet.
+  if (socket && mode) {
+    await fs.chmod(socket, mode)
+  }
 }
 
 /**
@@ -99,36 +94,14 @@ export const ensureAddress = (server: http.Server, protocol: string): URL | stri
   }
 
   if (typeof addr !== "string") {
-    return new URL(`${protocol}://${addr.address}:${addr.port}`)
+    const host = addr.family === "IPv6" ? `[${addr.address}]` : addr.address
+    return new URL(`${protocol}://${host}:${addr.port}`)
   }
 
   // If this is a string then it is a pipe or Unix socket.
   return addr
 }
 
-/**
- * Handles error events from the server.
- *
- * If the outlying Promise didn't resolve
- * then we reject with the error.
- *
- * Otherwise, we log the error.
- *
- * We extracted into a function so that we could
- * test this logic more easily.
- */
-export const handleServerError = (resolved: boolean, err: Error, reject: (err: Error) => void) => {
-  // Promise didn't resolve earlier so this means it's an error
-  // that occurs before the server can successfully listen.
-  // Possibly triggered by listening on an invalid port or socket.
-  if (!resolved) {
-    reject(err)
-  } else {
-    // Promise resolved earlier so this is an unrelated error.
-    util.logError(logger, "http server error", err)
-  }
-}
-
 /**
  * Handles the error that occurs in the catch block
  * after we try fs.unlink(args.socket).
@@ -138,6 +111,6 @@ export const handleServerError = (resolved: boolean, err: Error, reject: (err: E
  */
 export const handleArgsSocketCatchError = (error: any) => {
   if (!isNodeJSErrnoException(error) || error.code !== "ENOENT") {
-    logger.error(error.message ? error.message : error)
+    throw Error(error.message ? error.message : error)
   }
 }